EP1690375A1 - System und verfahren zum aufbau einer heim-domäne durch verwendung einer chipkarte, die informationen einer heimnetzwerk-mitgliedereinrichtung enthält - Google Patents

System und verfahren zum aufbau einer heim-domäne durch verwendung einer chipkarte, die informationen einer heimnetzwerk-mitgliedereinrichtung enthält

Info

Publication number
EP1690375A1
EP1690375A1 EP04808248A EP04808248A EP1690375A1 EP 1690375 A1 EP1690375 A1 EP 1690375A1 EP 04808248 A EP04808248 A EP 04808248A EP 04808248 A EP04808248 A EP 04808248A EP 1690375 A1 EP1690375 A1 EP 1690375A1
Authority
EP
European Patent Office
Prior art keywords
home network
network member
home
challenge value
master
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04808248A
Other languages
English (en)
French (fr)
Inventor
Jae-Heung 204 Hyundaivill LEE
Myung-Sun 105-104 Daewoo Apt. KIM
Su-Hyun Nam
Yong-Jin Jang
Yang-Lim 112-2403 Kachi Maeul Sukyung Apt. CHOI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020040010409A external-priority patent/KR101086399B1/ko
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Publication of EP1690375A1 publication Critical patent/EP1690375A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention relates to a method of joining a controlled device to a home network, and more particularly, to a method of joining a controlled device to a home network domain by using a smart card which contains information of the controlled device.
  • the xCP cluster protocol is a technology based on broadcast encryption and adopts a method of introducing a domain concept called a cluster and allows devices included in the cluster to freely use each other's contents.
  • FIG. 1 is a block diagram of a conventional home domain with a master-slave structure.
  • FIG. 2 is a flowchart illustrating a process wherein a master device authenticates legality of a device intending to join a home domain.
  • a process of building an authenticated home domain 100 with a master-slave structure on the basis of the xCP cluster protocol is described. The process is largely divided into a cluster generation process in step S210 and a device authentication process in step S220.
  • a first device 110 which is connected to a certain home network at first, generates a binding identification (IDb) of the home network in step S212.
  • the IDb is a unic ⁇ e identifier set when the device is manufactured or set by a user.
  • a cluster identified by the IDb i.e., a domain, is generated.
  • Each of devices 120, 1 0, and 140 which intend to use contents stored in the first device 110, extracts a media key (Km) from a media key block (MKB) using a device key in step S221.
  • Km media key
  • MKB media key block
  • Each of the devices 120, 130, and 140 generates a secret key (Kp) using the extracted Km and a personal ID (IDp) in step S223.
  • the first device 110 obtains Kp' using the Km and the IDp, compares a hash value obtained using the Kp' and the hash value h received from each of the devices 120, 130, and 140 and determines whether the hash values h and h' are the same.
  • the first device 110 transmits E(IDb)Kp, in which the IDb is encrypted using the Kp, and the IDp, which is a uniqie ID of each of the devices 120, 130, and 140, to the devices 120, 130, and 140 and adds the IDp in an authentication table (auth.tab).
  • E(IDb)Kp in which the IDb is encrypted using the Kp
  • IDp which is a uniqie ID of each of the devices 120, 130, and 140
  • the authenticated home domain 100 which includes a master device 110 and slave devices 120, 130, and 140, is built. After the authenticated home domain 100 is built, the slave devices 120, 130, and 140 can receive contents from the master device 110 and use them.
  • a controlled device authenticated as a legal device by a master device joins an authenticated home domain more simply and safely by reading a smart card corresponding to the controlled device in a smart card reader.
  • FIG. 1 is a block diagram of a conventional home domain with a master-slave structure
  • FIG. 2 is a flowchart illustrating a process wherein a master device authenticates legality of a device intending to join a home domain
  • FIG. 3 is a block diagram of a home network consistent with an exemplary embodiment of the present invention.
  • FIG. 4 is a flowchart of a method of building a home domain consistent with an exemplary embodiment of the present invention
  • FIG. 5 a block diagram of a master device consistent with an exemplary embodiment of the present invention.
  • FIG. 6 is a block diagram of a guest device consistent with an exemplary embodiment of the present invention. Best Mode
  • a home domain building system comprising: a guest device, legality of which is authenticated by a master device in a home domain; and a data storage medium which stores device information of the guest device, wherein the device information, after the legality of the guest device is authenticated by the master device, is read by the master device and used for the master device to join the guest device to the home domain.
  • a home domain building system comprising: a guest device, legality of which is authenticated; a data storage medium which stores device information of the guest device; and a master device in a predetermined home domain, which, after the legality of the guest device is authenticated by the master device, reads the device information of the guest device and joins the guest device in the home domain on the basis of the read device information.
  • a home domain building method of joining a guest device in a predetermined home domain in a home network comprising a master device in the home domain and the guest device, legality of which is authenticated by the master device, the method comprising: the master device reading device information from a data storage medium storing the device information of the guest device; and the master device joining the guest device in the home domain on the basis of the read device information.
  • the master device joining the guest device in the home domain on the basis of the read device information may comprise: transmitting a challenge reqiest signal from the master device to the guest device; generating a challenge value in response to the challenge reqiest signal in the guest device and transmitting the challenge value to the master device; encrypting the challenge value using a predetermined encryption algorithm in the master device and transmitting the encrypted challenge value to the guest device; decrypting the encrypted challenge value using the predetermined encryption algorithm in the guest device; and determining whether the decrypted challenge value is the same as the generated challenge value in the guest device, and if the decrypted challenge value is the same as the generated challenge value, allowing the master device to join the guest device in the home domain.
  • a home network member device comprising: a communication unit, which, when device information of the home network member device is read by a master device in a home domain from a storage medium having the device information, exchanges predetermined information with the master device on the basis of the read device information; and a master device authentication unit, which authenticates whether the master device has a right to join the home network member device in the home domain by exchanging the predetermined information.
  • the master device authentication unit generates a challenge value in response to a challenge reqiest signal received from the master device, decrypts the challenge value encrypted in the master device using a predetermined encryption algorithm, determines whether the decrypted challenge value is the same as the generated challenge value, and if the decrypted challenge value is the same as the generated challenge value, allows the master device to join the home network member device in the home domain.
  • the device information comprises a device ID, which is used to distinguish the home network member device and referred to by the master device to determine a guest device to transmit the challenge reqiest signal, and a device key, which is used as an encryption key for encrypting the challenge value.
  • the master device authentication unit has a same decryption key as the device key, and if the predetermined encryption algorithm is an asymmetric encryption algorithm, the master device authentication unit has a secret key making a pair with the device key.
  • a master device authentication method that allows a home network member device to authenticate a master device in a home domain, the method comprising: the home network member device, when device information of the home network member device is read by a master device forming a home domain from a storage medium having the device information, exchanging predetermined information with the master device on the basis of the read device information; and the home network member device authenticating whether the master device has a right to join the home network member device in the home domain by exchanging the predetermined information.
  • a computer readable medium having recorded thereon a computer readable program for performing the master device authentication method.
  • a computer readable medium having recorded thereon a computer readable program for performing a master device authentication method that allows a home network member device to authenticate a master device in a home domain, the method comprising: the home network member device, when device information of the home network member device is read by the master device in the home domain from a storage medium having the device information, receiving a challenge reqiest signal from the master device; the home network member device generating a challenge value in response to the challenge reqiest signal and transmitting the challenge value to the master device; the home network member device receiving the challenge value encrypted using a predetermined encryption algorithm by the master device and decrypting the encrypted challenge value using the predetermined encryption algorithm; the home network member device determining whether the decrypted challenge value is the same as the generated challenge value; and the home network member device, if the decrypted challenge value is the same as the generated challenge value, allowing the master device to join the home network member device in the home domain.
  • a first home network member device which operates as a master device in a home domain in a case where a device mode of the first home network member device is set to master mode and joins a second home network member device in the home domain, comprising: a data reader, which, when the first home network member device operates as a master device, reads device information of the second home network member device from a data storage medium of the second home network member device; and a device join processing unit, which joins the second home network member device in the home domain through exchanging predetermined information with the second home network member device on the basis of the read device information.
  • the device join processing unit joins the second home network member device in the home domain in a case where legality of the first home network member device is authenticated by the second home network member device.
  • the device join processing unit joins the second home network member device in the home domain in a case where the device join processing unit transmits a challenge reqiest signal to the second home network member device on the basis of the read device information, receives a challenge value generated in response to the challenge reqiest signal by the second home network member device, encrypts the challenge value using a predetermined encryption algorithm, transmits the encrypted challenge value to the second home network member device, and receives an authentication result that the encrypted challenge value is legal from the second home network member device.
  • the device join processing unit joins the second home network member device in the home domain in a case where it is determined by the second home network member device that a challenge value that is decrypted from the encrypted challenge value using the predetermined encryption algorithm is the same as the generated challenge value.
  • a method of allowing a master device in a home domain, which is a first home network member device, to join a second home network member device in the home domain comprising: the master device, reading device information of the second home network member device from a data storage medium of the second home network member device; and the master device joining the second home network member device in the home domain through exchanging predetermined information with the second home network member device on the basis of the read device information.
  • a computer readable medium having recorded thereon a computer readable program for performing the method that allows a master device in a home domain to join another home network member device in the home domain.
  • a data storage medium which is used for a master device in a predetermined home domain to join a guest device, legality of which is authenticated, in the predetermined home domain, comprising: a device information storage unit, which stores device information of the guest device, wherein the device information stored in the data storage medium is read by the master device and the read device information is used for joining the guest device in the predetermined home domain.
  • the device information comprises a device ID, which is used to distinguish the guest device, and a device key, which is used as an encryption key for encrypting predetermined information when the guest device is joined to the predetermined home domain.
  • the data storage medium is a smart card.
  • FIG. 3 is a block diagram of a home network consistent with an exemplary embodiment of the present invention.
  • One of devices 310 through 360 configuring a home network is set as a master device 310, devices authenticated as legal devices by the master device 310 are set as guest devices 320 through 360, and devices selected by a user of the guest devices are joined as slave devices 320, 330 and 340 in a domain. At this time, the devices selected as the slave devices by the user are registered in a slave device list (not shown) of the master device 310. Meanwhile, the devices 320 through 360 have smart cards 320a through 360a corresponding to the devices 320 through 360, respectively, and the master device 310 has a card reader 310a.
  • Each of the smart cards 320a through 360a allocated to devices 320 through 360 stores device information including a serial number of a device, a device ID, which can be used to distinguish a certain device from other devices such as a universal uniqie identifier (UUID) in a case of universal plug and play (UPnP), and a device key used for data encryption.
  • the device information is used to join a guest device to a home domain by changing the device mode of the guest device to the slave mode.
  • Each of the devices 320 through 360 has a key corresponding to the device key stored in the smart card, and if a system is built by a symmetric encrypting method in which an encryption key and a decryption key are the same, each of the devices 320 through 360 has a secret key eqial to the device key stored in the corresponding smart card, and if a system is built by an asymmetric encrypting method in which an encryption key and a decryption key are different from each other, each of the devices 320 through 360 has a secret key making a pair with the device key, which is a public key, stored in the corresponding smart card.
  • the smart card which is a kind of integrated circuit (IC) chip card
  • IC integrated circuit
  • a memory card can be simply adopted, and an optical recording medium or a magnetic recording medium can also be adopted instead of the smart card. That is, if information can be written to and read from a medium, any medium can be applied to the present invention without considering a type of the medium.
  • the smart card is used in the exemplary embodiment.
  • the card reader can be used as the smart card reader 310a whether it is an insert style card or a non-insert style card.
  • the smart card reader 310a can be a non- insert style card.
  • FIG. 4 is a flowchart of a method of allowing a guest device 350 to join a domain as a slave device consistent with an exemplary embodiment of the present invention. At this time, the guest device 350 is status authenticated as a legal device through the authentication process of FIG. 2.
  • the smart card reader 310a of the master device 310 reads device information of the guest device 350 stored in the smart card 350a in step S304.
  • the device information includes a serial number of the guest device 350, a device ID such as a UUID, and a device key used for information encryption.
  • the smart card reader 310a is shown as being separated from the master device 310. However, the smart card reader 310a is included as a component of the master device 310 as a data reader 310a as shown in FIG. 5.
  • step S306 the master device 310 determines the guest device 350 from the device ID of the device information of the guest device 350 and transmits a challenge reqiest signal to the guest device 350.
  • step S308 the guest device 350 receives the challenge reqiest signal from the master device 310, generates a challenge k, which is a random number, and transmits the challenge k to the master device 310 in step S309.
  • step S310 the master device 310, which receives the challenge k from the guest device 350, generates E(k) that the challenge k is encrypted with the device key of the guest device 350 read in step S304 using a predetermined encryption algorithm and transmits the E(k) to the guest device 350 in step S311.
  • step S312 the guest device 350, which receives the E(k) from the master device 310, generates D(E(k)) that the E(k) is decrypted with a key stored in the guest device 350 using the predetermined encryption algorithm used for encrypting the challenge k in the master device 310 and determines whether the D(E(k)) is the same as the challenge k generated in step S308.
  • step S314 if the D(E(k)) and the challenge k are the same, the guest device 350 transmits an authentication success signal to the master device 310, and if the D(E(k)) and the challenge k are not the same, the guest device 350 transmits an authentication failure signal to the master device 310.
  • step S316 the master device 310, which receives the authentication result from the guest device 350, determines whether the authentication succeeded or failed. If the authentication succeeded in step S316, the master device 310 transmits a device mode change signal to the guest device 350 in step S318, and the guest device 350 changes its own device mode to the slave mode according to the device mode change signal in step S320. At this time, the master device 310 newly registers the guest device 350 in a slave device list of the master device 310.
  • the master device 310 outputs an authentication failure message through a user interface screen in step S322, and the user determines that the current master device 310 is an external master device, which is not compatible with the guest device 350.
  • FIGS. 5 and 6 internal configurations of the master device 310 and the guest device 350 are shown, respectively.
  • the data reader 310a of FIG. 3 is plugged in the master device 310 as a component of the master device 310.
  • a device join processing unit 310b transmits a challenge reqiest signal to the guest device 350 by determining the guest device 350 using the device ID of the guest device 350 read by the data reader 310a in step S306, retransmits an encrypted challenge value to the guest device 350 by encrypting a challenge k received from the guest device 350 using a predetermined encryption algorithm in step S310, and according to an authentication result of the encrypted challenge value in the guest device 350, joins the guest device 350 in a home domain in step S318, or outputs an authentication failure message in step S322.
  • a communication unit 350b of the guest device 350 performs communication with the master device 310, such as receiving the challenge reqiest signal from the master device 310 after a smart card 350a of the guest device 350 is read by the master device 310, transmitting the challenge k to the master device 310, receiving the encrypted challenge value from the master device 310, and transmitting an authentication result of the encrypted challenge value to the master device 310.
  • a master device authentication unit 350c randomly generates the challenge k in response to the challenge reqiest signal from the master device 310 in step S308, decrypts the encrypted challenge value with a decrypting key, which the master device authentication unit 350c has, and authenticates whether the decrypted challenge value is the same as the challenge k generated in step S308 in step S312.
  • the master device 310 joins the guest device 350 in the home domain or outputs the authentication failure message.
  • the device join processing function of the master device 310 and the master device authentication function of the guest device 350 described above can be written as computer programs and can be implemented in each of the devices that execute the programs using a computer readable recording medium.
  • Examples of the computer readable recording medium include magnetic storage media (e.g., ROM, floppy disks, hard disks, etc.), optical recording media (e.g., CD-ROMs, or DNDs), and storage media such as carrier waves (e.g., transmission through the Internet).
EP04808248A 2003-12-01 2004-11-29 System und verfahren zum aufbau einer heim-domäne durch verwendung einer chipkarte, die informationen einer heimnetzwerk-mitgliedereinrichtung enthält Withdrawn EP1690375A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US52570103P 2003-12-01 2003-12-01
KR1020040010409A KR101086399B1 (ko) 2003-12-01 2004-02-17 홈 네트워크 구성 기기의 정보를 담고 있는 스마트 카드를이용하여 홈 도메인을 구축하는 시스템 및 방법
PCT/KR2004/003111 WO2005055523A1 (en) 2003-12-01 2004-11-29 System and method for building home domain using smart card which contains information of home network member device

Publications (1)

Publication Number Publication Date
EP1690375A1 true EP1690375A1 (de) 2006-08-16

Family

ID=36649269

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04808248A Withdrawn EP1690375A1 (de) 2003-12-01 2004-11-29 System und verfahren zum aufbau einer heim-domäne durch verwendung einer chipkarte, die informationen einer heimnetzwerk-mitgliedereinrichtung enthält

Country Status (2)

Country Link
EP (1) EP1690375A1 (de)
WO (1) WO2005055523A1 (de)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660099B (zh) * 2021-09-01 2022-10-18 珠海格力电器股份有限公司 一种物联设备的鉴权方法、鉴权服务器、用户设备服务器

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3612487B2 (ja) * 2000-11-30 2005-01-19 シャープ株式会社 方向性結合器の特性測定方法及びその方法を用いた方向性結合器及びこの方向性結合器を備えたプラズマ処理装置
KR100434270B1 (ko) * 2001-05-30 2004-06-04 엘지전자 주식회사 가전기기 네트워크 제어시스템
KR100505230B1 (ko) * 2002-12-10 2005-08-03 엘지전자 주식회사 홈네트워크 시스템 및 그 제품 삭제방법

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005055523A1 *

Also Published As

Publication number Publication date
WO2005055523A1 (en) 2005-06-16

Similar Documents

Publication Publication Date Title
US8347076B2 (en) System and method for building home domain using smart card which contains information of home network member device
EP1521422B1 (de) Verfahren zur Erstellung einer Domäne, die auf der Kryptographie eines öffentlichen Schlüssels basiert
KR100718598B1 (ko) 디바이스들의 사이에서 디지털 데이터의 안전한 통신을 제공하기 위한 방법 및 장치
US6581160B1 (en) Revocation information updating method, revocation information updating apparatus and storage medium
EP1276106B1 (de) System zum Schutz digitaler Inhalte, Aufzeichnungsgerät, Übertragungsgerät und Wiedergabegerät
US7296147B2 (en) Authentication system and key registration apparatus
US20040250077A1 (en) Method of establishing home domain through device authentication using smart card, and smart card for the same
JP4477835B2 (ja) 認証システム、鍵登録装置及び方法
US20080235810A1 (en) Method of Authorizing Access to Content
US8694799B2 (en) System and method for protection of content stored in a storage device
JP2007528658A (ja) 改良されたドメインマネージャ及びドメイン装置
JP4713745B2 (ja) 認証通信装置及び認証通信システム
WO2005055523A1 (en) System and method for building home domain using smart card which contains information of home network member device
JP4564572B1 (ja) 送信装置、受信装置及びコンテンツ送受信方法
KR20070022019A (ko) 개선된 도메인 매니저 및 도메인 디바이스

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060530

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR GB

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR GB

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20090209