GB2408181A - Configuring a wireless connection using a physical token containing two sets of configuration information - Google Patents

Info

Publication number: GB2408181A
Authority: GB (United Kingdom)
Prior art keywords: token, configuration information, secondary device, primary device, primary
Legal status: Granted
Application number: GB0326507A
Other versions: GB2408181B (en), GB0326507D0 (en)
Inventor: Russell John Haines
Current Assignee: Toshiba Europe Ltd
Original Assignee: Toshiba Research Europe Ltd

Events:
Application filed by Toshiba Research Europe Ltd
Priority to GB0326507A
Publication of GB0326507D0
Publication of GB2408181A
Application granted
Publication of GB2408181B
Current legal status: Expired - Fee Related

Classifications

    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L 63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04W 12/033: Security arrangements; protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W 28/18: Network traffic management; central resource management; negotiating wireless communication parameters
    • H04W 8/205: Network data management; transfer of user or subscriber data to or from user equipment or user record carrier

Abstract

A method is disclosed of configuring a wireless network (22) using a persistent memory token (36) associated with a primary device (24) of the network (22), comprising presenting the token (36) to a secondary device (34) of the network (22), reading first configuration information (CI1) stored on the token (36) into the secondary device (34), writing second configuration information (CI2) from the secondary device (34) onto the token (36), returning the token (36) to the primary device (24), and configuring a wireless communications channel between the primary device (24) and the secondary device (34) in dependence upon at least one of the first and second configuration information (CI1, CI2). The token 36 may be a smart card or a Subscriber Identity Module. The first configuration information preferably includes a private encryption key for encrypting communications from the secondary device to the primary device. The secondary device may be a loudspeaker and the primary device another element of a wireless home entertainment system.

Description

The present invention relates to a wireless network, a device for use in a wireless network and a method of configuring a wireless network.
Figure 1 of the accompanying drawings is a block diagram illustrating the basic setup of a typical wireless network, such as a wireless local area network. The illustrated wireless network 2 comprises a primary device 4 in communication with a first secondary device 6 over a first wireless communications path 8 and also in communication with a second secondary device 10 over a second wireless communications path 12.
Communications between the primary device 4 and the secondary devices 6 and 10 are typically encrypted using a secret encryption key K before transmission to protect against eavesdropping by intruders and also to prevent unauthorized access to the primary device 4. One such security protocol is the wired equivalent privacy (WEP) protocol in which communications are encrypted with a secret key prior to transmission.
The IEEE 802.11 standard specifies a 64-bit WEP key, which comprises a 40-bit shared secret, the remaining 24 bits being a non-secret initialization vector. Several proprietary extensions of the IEEE 802.11 standard have emerged, the most common being a 128-bit solution (104-bit shared secret, 24-bit initialization vector), although there are also some 152-bit solutions (128-bit shared secret, 24-bit initialization vector).
With a security protocol such as the WEP protocol, it is of course necessary for each of the devices 4, 6 and 12 in the wireless network 2 to have knowledge of the secret key, and the distribution of the secret key raises both practical and security issues. The distribution of the encryption information must be performed in a manner that is both secure, so that only those devices that are authorised gain knowledge of the secret key, and also user-friendly, to ease the installation process and to prevent installation errors.
This is especially so when the wireless network is being set up in a home environment without skilled IT support or advice.
To explain the process of installing a new device into a wireless network, Figure 1 also illustrates a third secondary device 14 that is to be installed into the existing wireless network 2 such that wireless communication can be established between the primary device 4 and the third secondary device 14. As part of this procedure, the third secondary device 14 must be supplied with the secret key K that is being used by the primary device 4 for wireless communications, as well as other configuration parameters that are required for establishing wireless communication with the primary device 4, such as for example the transmission frequency to be used.
Some current technologies targeted at the home, such as the Digital Enhanced Cordless Telecommunications (DECT) technology and Bluetooth, adopt a "press the button now" approach, where the user is required to set manually both the primary device 4 and the third secondary device 14 into a registration mode as a primitive form of authentication, and then, for a limited period, the two devices 4 and 14 transfer encryption keys K and the like in unencrypted form. This presents a significant risk of eavesdropping, even during that constrained and unpredictable window.
In the commercial wireless local area network environment, the third secondary device 14 would typically be installed into the wireless network 4 by entering the encryption key K manually into the third secondary device 14, for example via a keypad. This overcomes the problem of the eavesdropping of the encryption key K, but in the home entertainment environment the devices envisaged (for example, hi-fi equipment such as speakers, amplifiers and tuners) are likely to have no user interface at all, and highly unlikely to have a full keyboard, and therefore the entry of the required encryption key K into the third secondary device 14 is likely to be difficult. In addition, user-friendliness and the ease of installing a new device are extremely important in the domestic market, and requiring the user to enter encryption keys and other configuration parameters into a new device is likely to be both unpopular and unreliable.
Accordingly it is desirable to provide a wireless network that allows the configuration and installation of a new device into the network in a straightforward, reliable and secure manner.
According to a first aspect of the present invention there is provided a method of configuring a wireless network using a persistent memory token associated with a primary device of the network, comprising presenting the token to a secondary device of the network, reading first configuration information stored on the token into the secondary device, writing second configuration information from the secondary device onto the token, returning the token to the primary device, and configuring a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
The wireless communications channel may be configured in dependence upon the first and second configuration information. The wireless network may be a local area network. The first configuration information may comprise a cryptographic key for encrypting communications over the communications channel at least from the secondary device to the primary device. The second configuration information may comprise a cryptographic key for encrypting communications over the communications channel at least from the primary device to the secondary device. The cryptographic key may be a private encryption key.
The first configuration information may comprise authentication information for authenticating the primary device over the communications channel.
At least one of the first and second configuration information may comprise one or more configuration parameters required for establishing the communications channel.
The second configuration information may comprise capability information identifying physical capabilities of the secondary device.
The second configuration information may comprise identification information for identifying the secondary device to the primary device. The first configuration information may comprise identification information for identifying the primary device to the secondary device. The configuration information may comprise the Media Access Control address of the device.
The first configuration information may be written to the token by the primary device.
Alternatively, the first configuration information may be pre-stored on the token.
The second configuration information may be stored in a record on the token associated with the secondary device, separate from other such records on the token.
The token may be a smart card. The token may also be a Subscriber Identity Module.
The token may comprise non-volatile memory for storing the configuration information.
The token may be presented to the secondary device by inserting it into a token holder of the secondary device for a period during which the first configuration information is read into the secondary device and the second configuration information is written onto the token. The end of the period may be notified by a visible or audible signal.
The token may be returned to the primary device by inserting it into a token holder of the primary device for safekeeping and to enable access by the primary device to at least the second configuration information stored on the token.
The method may further comprise reading the second configuration information from the token into the primary device. After the token is returned to the primary device, the token may perform processing on behalf of the primary device during communication over the communications channel. Communications over the communications channel from the primary device to the secondary device may be encrypted by the token.
According to a second aspect of the present invention there is provided a wireless network comprising a primary device, a secondary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device of the network, means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, means for returning the token to the primary device, and means for configuring a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
According to a third aspect of the present invention there is provided a secondary device for use in a wireless network having a primary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device and means for returning the token to the primary device, the secondary device comprising means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, and means for configuring, in cooperation with corresponding such means of the primary device, a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
The reading means may be the only means available for inputting configuration information to the secondary device. The secondary device may be a loudspeaker for use in a home entertainment system.
According to a fourth aspect of the present invention there is provided a primary device for use in a wireless network having a secondary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device of the network, means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, means for returning the token to the primary device, the primary device comprising means for configuring, in cooperation with corresponding such means of the secondary device, a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
Reference will now be made, by way of example, to the accompanying drawings, in which: Figure 1 is a block diagram illustrating a typical wireless network; Figure 2 is a block diagram illustrating a wireless network according to an embodiment of the present invention; Figure 3 is a block diagram illustrating a smart card used as a persistent memory token in an embodiment of the present invention; Figure 4 is a block diagram illustrating parts of the primary and secondary devices of Figure 2 in more detail; and Figure 5 is a flow diagram illustrating a method of configuring a wireless network embodying the present invention.
Figure 2 is a block diagram illustrating a local area wireless network according to an embodiment of the present invention. The illustrated wireless network 22 comprises a primary device 24 in wireless communication with a first secondary device 26 over a first wireless communications channel 8 and also with a second secondary device 30 over a second wireless communications channel 12. In this respect, the wireless communications channels 8 and 12 have already been configured. The wireless network 22 is to be further configured by installing a third secondary device 34 into the wireless network 22 such that a new wireless communications channel between the primary device 24 and the third secondary device 34 can be established. For this purpose, use is made of a persistent memory token 36 that is associated with the primary device 24, as will be explained in more detail below.
To enable the wireless communication channel to be established between the primary device 24 and the secondary device 34, configuration information must first be exchanged between the primary device 24 and the secondary device 34 so that wireless communication can be established in dependence upon the configuration information.
First configuration information CI1 is transferred from the primary device 24 to the secondary device 34 and second configuration information CI2 is transferred in the reverse direction from the secondary device 34 to the primary device 24.
In this embodiment, the first configuration information CI1 comprises a private encryption key K which is to be used to encrypt wireless communications between the primary device 24 and the third secondary device 34, as well as various other configuration parameters CP1 that contribute to define the physical setup of the wireless communications channel to be configured between the primary device 24 and the third secondary device 34. The second configuration information CI2 comprises various configuration parameters CP2 that also contribute to define the physical setup of the wireless communications channel to be configured between the primary device 24 and the third secondary device 34.
As mentioned above, a common method to achieve the distribution of the private encryption key K and other configuration information is simply to transmit the key K and configuration information wirelessly for receipt by the intended device, but this approach has important, negative security implications associated with it.
In an embodiment of the present invention, use is made for this purpose of a persistent memory token 36 associated with the primary device 24 to exchange configuration information between the primary device 24 and the secondary device 34, as will be described in more detail below. In this application, a persistent memory token is a conveniently-sized, portable token comprising memory for the storage of data (for example, configuration information) such that the data persists in the memory while the token is being transported and is detached from an associated device. The token may comprise non-volatile memory that maintains stored data without requiring a power source, or the token may comprise volatile memory which is refreshed using a suitable power supply (e.g. battery) on the token itself.
In this embodiment, the persistent memory token 36 is a smart card 36, also known as an integrated circuit card (ICC), as illustrated schematically in Figure 3. The smart card 36 comprises a memory portion 3, a central processing unit (CPU) 5, an input/output (I/O) portion 7, and a processing unit 9. The CPU 5 is in two-way communication with the memory portion 3, the I/O portion 7, and the processing unit 9. These portions are typically contained within a single integrated circuit embedded into the smart card 1, which may be of a contact or contact-less variety. The smart card 1 is able to communicate with external devices via POWER and CLK channels to receive the required power and clock signal CLK (although some smart cards may have an internal power or clock source), and via an I/O channel to communicate data to and from the smart card 1. Such communication is either by electrical signals through contact pins for a contact card, or by inductive, capacitive or optical coupling for a contact-less card.
The memory portion 3 is used to store the first and second configuration information CI1 and CI2 in this embodiment. The processing unit 9 may be used to perform various processing tasks on input data DIN from the CPU 5 to produce output data DOUT, and this possibility will be explained further below.
In this regard, it has been previously proposed to use a smart card or Subscriber Identity Module (SIM) as a means for transferring a secret key between devices. For example, paragraph [0011] of US 2002/0065099 briefly describes an approach using SIMs in both a private base station and a cellular terminal, whereby a secret key can be transferred without transmitting it. In "802.11 Wireless Networks: The Definitive Guide" by Matthew S. Gast, O'Reilly UK; ISBN: 0596001835, the Nokia implementation of IEEE 802.11b wireless LAN cards is described in which SIM smart cards are used for user authentication and to transfer WEP keys.
However, there has not been previously proposed a system and method in which a persistent memory token associated with the primary device of a wireless network can be used to configure and secure the entire wireless network. Such a system and method is proposed in an embodiment of the present invention, which will now be described in more detail with reference to Figures 4 and 5.
Figure 4 is a block diagram showing parts of the primary device 24 and the secondary device 34 of Figure 2 in more detail, while Figure 5 is a flow diagram for use in explaining a method of configuring a wireless network embodying the present invention.
As shown in Figure 4, the primary device 24 comprises a control unit 39, a wireless communications unit 40 and a token input/output (I/O) unit 42. The secondary device 34 comprises a control unit 44, a wireless communications unit 46 and a token I/O unit 48. The wireless communications units 40 and 46 are for performing wireless communication between the devices 24 and 34 over a wireless communications channel 38 once that channel has been configured and established using the method described below.
The token I/O units 42 and 48 incorporate a token holder in which the persistent memory token 36 can be inserted to allow the POWER, CLK and I/O channels described with reference to Figure 3 to be formed with the associated device. Once these channels have been formed, configuration information can be transferred to and from the persistent memory token 36.
In Figure 4, the persistent memory token 36 is shown as located in the token I/O unit 42 of the primary device 24. The persistent memory token 36 is closely associated with the primary device 24, and this is therefore the usual and preferred home for the persistent memory token 36 where it can be stored for safekeeping. The persistent memory token 36 should preferably be removed from the token I/O unit 42 of the primary device 24 only when a new secondary device is to be installed into the network. This is represented by step S1 shown in Figure 5.
When it is determined that the third secondary device 34 is to be installed into the network 22, the control unit 39 of the primary device 24 arranges for first configuration information CI1 to be written to the persistent memory token 36 if the first configuration information CI1 is not already stored thereon, or if the first configuration information CI1 stored thereon requires updating (step S2). This is a further reason why it is preferable for the persistent memory token 36 to be kept in the token I/O unit 42 of the primary device 24 (step S1), since it is in the correct place and ready for first configuration information CI1 to be written to it when a new secondary device 34 is to be installed. A further reason is explained below in connection with the reading of the second configuration information CI2 written to the persistent memory token 36 in step S6.
The persistent memory token 36 is then removed from the token I/O unit 42 of the primary device 24 and presented to the secondary device 34 by inserting it into the token I/O unit 48 of the secondary device 34 (step S3); this operation is performed by the person installing the secondary device 34 into the network 22. The control unit 44 of the secondary device 34 then arranges for the first configuration information CI1 to be read from the persistent memory token 36 into the secondary device 34 (step S4) for later use in configuring the wireless communications channel 38 (see step S8). The control unit 44 of the secondary device 34 also arranges for second configuration information CI2 to be written to the persistent memory token 36 (step S5) for transferral back to the primary device 24.
In this embodiment, the second configuration information CI2 is stored as a separate record in the memory portion 3 of the persistent memory token 36. The record is associated with the secondary device 34 that created it, and is kept separate from other such records on the token created by previously-installed secondary devices, such as the first and second secondary devices 26 and 30. This is a particularly advantageous feature of this embodiment since it allows the complete network configuration to be kept on the persistent memory token 36. This would allow the network 22 to be re-configured in the event that, for example, one or more of the primary and secondary devices 24, 26 and 30 catastrophically failed.
Steps S4 and S5 in this embodiment are performed during a period in which the persistent memory token 36 is continuously located in the token I/O unit 48 of the secondary device 34. When the second configuration information CI2 has been successfully written to the persistent memory token 36, an audible or visible signal is preferably emitted by the secondary device 34 to notify the installer that the installation procedure can continue with step S6.
The persistent memory token 36 is then removed by the installer from the token I/O unit 48 of the secondary device 34 and returned to the primary device 24 by inserting it into the token I/O unit 42 of the primary device 24 (step S6). The control unit 39 of the primary device 24 then arranges for the second configuration information CI2 to be read from the persistent memory token 36 into the primary device 24 (step S7).
Following the exchange of the first and second configuration information CI1 and CI2 between the primary and secondary devices 24 and 34, the control units 39 and 44 of the primary and secondary devices 24 and 34 respectively use the configuration information CI1 and CI2 to configure the wireless communications channel 38 (step S8). In this embodiment, the first configuration information CI1 comprises the secret key K that is to be used for encrypting communications over the wireless communications channel 38 from the secondary device 34 to the primary device 24. The communications channel 38 is therefore configured to perform such encryption by using the control unit 44 of the secondary device 34 to configure the wireless communications unit 46 of the secondary device 34 to encrypt any data using the key K before it is sent over the wireless communications channel 38. Correspondingly, the control unit 39 of the primary device 24 is used to configure the wireless communications unit 40 of the primary device 24 to decrypt any data received from the secondary device 34 over the wireless communications channel 38.
If a different encryption key is to be used to encrypt communications over the wireless communications channel 38 from the primary device 24 to the secondary device 34, then that encryption key could be included in the second configuration information CI2 transferred from the secondary device 34 to the primary device 24 in steps S5 to S7 above and used to configure the wireless communications channel 38 appropriately in step S8.
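The token exchange of steps S1 to S8 above, as an added model that is not code from the patent or from Toshiba: a token object holding CI1 and one separate CI2 record per secondary device is carried between a primary and a secondary. The record layout, the keying of CI2 records by MAC address, the always-present reverse-direction key K2 in CI2, and the HMAC-SHA256 challenge-response standing in for "configure the channel with the exchanged keys" are assumptions made here; the patent only states that K encrypts secondary-to-primary traffic and that a second key may travel in CI2. Sample MAC addresses and keys are constructed values.

```python
"""Added model of the token exchange in GB2408181A (steps S1-S8); layout and HMAC use are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class PersistentMemoryToken:
    """Memory portion 3 of the smart card: CI1 plus one separate CI2 record per secondary."""
    ci1: dict | None = None                                      # written by the primary (S2)
    ci2_records: dict[str, dict] = field(default_factory=dict)   # keyed by secondary MAC (S5)


@dataclass
class PrimaryDevice:
    mac: str
    key_k: bytes                                  # secret key K for secondary -> primary traffic
    channel_freq_mhz: int                         # example configuration parameter (CP1)
    token_holder: PersistentMemoryToken | None = None   # the token's usual home (S1)
    peers: dict[str, dict] = field(default_factory=dict)  # channels configured in S8

    def prepare_token(self) -> PersistentMemoryToken:
        """S2: write (or refresh) CI1 while the token sits in the primary's token I/O unit."""
        if self.token_holder is None:
            raise RuntimeError("token is not in the primary's token I/O unit")
        self.token_holder.ci1 = {"key_k": self.key_k, "primary_mac": self.mac,
                                 "channel_freq_mhz": self.channel_freq_mhz}
        return self.token_holder

    def accept_token(self, token: PersistentMemoryToken) -> None:
        """S6/S7: the token is returned; read every CI2 record not yet configured."""
        self.token_holder = token
        for mac, ci2 in token.ci2_records.items():
            self.peers.setdefault(mac, {"rx_key": self.key_k,       # decrypt secondary -> primary with K
                                        "tx_key": ci2["key_k2"],    # reverse-direction key from CI2
                                        "capabilities": ci2["capabilities"]})


@dataclass
class SecondaryDevice:
    mac: str
    capabilities: str                             # e.g. "transducer capabilities: sound"
    key_k2: bytes = field(default_factory=lambda: os.urandom(16))  # key for primary -> secondary
    config: dict | None = None                    # CI1 as read from the token (S4)

    def present_token(self, token: PersistentMemoryToken) -> PersistentMemoryToken:
        """S3-S5: read CI1, then write this device's own CI2 record; reject an unprepared token."""
        if token.ci1 is None:
            raise ValueError("token carries no CI1: it was not prepared by a primary device")
        self.config = dict(token.ci1)
        token.ci2_records[self.mac] = {"secondary_mac": self.mac, "capabilities": self.capabilities,
                                       "key_k2": self.key_k2}
        return token                              # the installer carries it back (S6)


def _tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mutual_authenticate(primary: PrimaryDevice, secondary: SecondaryDevice,
                        nonce_p: bytes | None = None, nonce_s: bytes | None = None) -> bool:
    """S8 over the air: the secondary proves knowledge of K (from CI1), the primary of K2
    (from CI2). Neither key crosses the channel, so a rogue primary that never held the
    token cannot answer the secondary's challenge."""
    peer = primary.peers.get(secondary.mac)
    if peer is None or secondary.config is None:
        return False                              # no token exchange between these two devices
    nonce_p = nonce_p or os.urandom(16)           # primary's challenge
    nonce_s = nonce_s or os.urandom(16)           # secondary's challenge
    resp_s = _tag(secondary.config["key_k"], nonce_p + secondary.mac.encode())
    ok_s = hmac.compare_digest(resp_s, _tag(peer["rx_key"], nonce_p + secondary.mac.encode()))
    resp_p = _tag(peer["tx_key"], nonce_s + primary.mac.encode())
    ok_p = hmac.compare_digest(resp_p, _tag(secondary.key_k2, nonce_s + primary.mac.encode()))
    return ok_s and ok_p


def install_secondary(primary: PrimaryDevice, secondary: SecondaryDevice) -> bool:
    """Walk S1-S8 for one new secondary and report whether the channel authenticates."""
    primary.prepare_token()                                    # S1/S2: token at home, CI1 written
    token, primary.token_holder = primary.token_holder, None   # S3: installer removes the token ...
    token = secondary.present_token(token)                     # S3-S5: ... presents it to the secondary
    primary.accept_token(token)                                # S6/S7: token returned, CI2 read
    return mutual_authenticate(primary, secondary)             # S8: configure and verify the channel


if __name__ == "__main__":
    # Constructed sample values: documentation-range MAC addresses and a 104-bit key K.
    hub = PrimaryDevice("00:00:5E:00:53:01", bytes.fromhex("0123456789abcdef0123456789"), 2437,
                        token_holder=PersistentMemoryToken())
    speaker = SecondaryDevice("00:00:5E:00:53:34", "transducer capabilities: sound")
    print("speaker installed and authenticated:", install_secondary(hub, speaker))
    print("CI2 records now on the token:", sorted(hub.token_holder.ci2_records))
```

Installing a second secondary leaves the first device's CI2 record on the token, which is the per-device record layout the embodiment relies on for re-configuring the network after a device failure.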
One major advantage with using a persistent memory token 36 in this manner to exchange sensitive information such as the private encryption key K is that the sensitive information is never transmitted in unencrypted form over the air waves and is therefore more secure and less prone to eavesdropping by third parties. As described above, the persistent memory token 36 can also be used to transmit other information such as configuration parameters.
In addition, the requirement that a physical token 36 is presented to the secondary device 34 by the network installer is a good security mechanism to ensure that no rogue secondary devices gain access to the wireless network 22 and the primary device 24, since the network installer will only present the token 36 to trusted secondary devices.
The presentation of a physical token 36 also imparts a degree of trust that the network 22 that the secondary device 34 is about to connect to is a valid one.
A further advantage is that there is no requirement for the user to enter the private encryption key or other configuration information manually into the secondary device 34 being installed into the wireless network 22, and this allows the setup procedure to be automated with less susceptibility to installation errors and problems caused by an inexperienced installer or home user.
A further advantage is that the use of a persistent memory token 36 in this manner gives a bi-directional communications capability. Not only can the new secondary device 34 obtain key parameters about the existing network 22, but it can also transfer key data about itself back to the primary device 24. One of the weaknesses of previously-considered wireless local area networks is that there is usually an implicit assumption that the primary device (or access point) is authentic, and therefore that only the secondary devices need to be authenticated. This can lead to a so-called "man in the middle" type of attack, where a rogue device can masquerade as a primary device, and so trick the secondary device into revealing to it secret information held within the secondary device. The rogue primary device can then use the secret information to gain access to the real primary device. It is therefore useful to have the ability to authenticate bi-directionally and to establish the credentials of the primary device. The primary device and the secondary device 24 and 34 can mutually authenticate using the persistent memory token 36, or one can authenticate itself using the persistent memory token 36 with the other authenticating itself over the wireless communications channel 38.
The use of the persistent memory token 36 in this way is not limited only to the initial installation period but may also be used periodically during the operation of the system.
For example, the persistent memory token 36 can be used as a secure means of exchanging sensitive information where it is suspected that eavesdropping is occurring on the communications over the existing wireless communications channel 38; in such a situation configuration information can be exchanged again to re-configure the existing wireless communications channel 38.
The first configuration information CI1 may also comprise authentication information for authenticating the primary device 24 over the wireless communications channel 38, and similarly in the reverse situation the second configuration information CI2 may comprise identification information for identifying the secondary device 34 to the primary device 24. One such piece of identification information may be the Media Access Control (MAC) address of the device concerned. Such authentication and identification could form part of the configuration procedure that establishes the wireless communications channel 38. The first and second configuration information CI1 and CI2 may comprise one or more configuration parameters required for establishing the wireless communications channel 38, for example the channel frequency.
The first and second configuration information CI1 and CI2 may also be used to perform a "capability exchange" between the primary and secondary devices 24 and 34.
In such a case the first and/or second configuration information CI1 and/or CI2 would comprise capability information describing the physical capabilities of the device concerned. For example, in the case where the secondary device 34 is a loudspeaker and the primary device 24 is a home entertainment system, the capability information in the second configuration information CI2 might comprise an entry "can output sound, cannot input sound", along with a common way of categorising that information, for example "transducer capabilities: sound". The name of the device can also be included, for example "Bang & Olufsen LoudSpeaker with Toshiba Control Module", along with an explanation of what that means in terms that the primary device 24, for example with the name "Toshiba Home Entertainment System", can understand. One way of expressing this capability information is by using XML (extensible markup language).
Although the wireless communications channel 38 is configured in dependence on the configuration information contained within the first configuration information CI1 and the second configuration information CI2, it is not necessary that all of the configuration information is used to configure the wireless communications channel 38.
Some of the configuration information may relate to information that is not required for the configuration of the wireless communications channel 38. It is possible that none of the first configuration information CI1 or none of the second configuration information CI2 is actually used to configure the wireless communications channel 38, although it is necessary that at least some of the first and second configuration information CI1 and CI2 is used for this purpose. For example, in the case that the secondary device 34 is a loudspeaker device, it is possible that the second configuration information CI2 comprises only capability information relating to the sound capabilities of the loudspeaker, while the first configuration information CI1 comprises at least one configuration parameter used to establish the wireless communications channel 38.
A wireless network embodying the present invention need not be a local area wireless network, but may in fact allow wireless communication over relatively large distances.
In practice it would of course be required, at least during the initial installation period, that the primary and secondary devices are located close enough to each other for the persistent memory token 36 to be easily transferred from one to the other, but this is not essential.
It is described above that in step S7 the control unit 39 of the primary device 24 arranges for the second configuration information CI2 to be read from the persistent memory token 36 into the primary device 24. It is not essential to store the second configuration information CI2 in the primary device 24 since, if the persistent memory token 36 is to be kept in the token I/O unit 42, the second configuration information CI2 of the secondary device 34 can be read straight from the persistent memory token 36 when required. Where the persistent memory token 36 comprises processing means such as the CPU 5 of the smart card of Figure 3, it is also possible that, if the persistent memory token 36 is to be kept in the token I/O unit 42, the persistent memory token 36 can be used to perform processing on behalf of the primary device 24. For example, the CPU 5 could perform encryption processing to encrypt data using a secret key K from the second configuration information CI2; such second configuration information CI2 would already be stored on the persistent memory token 36 in the memory portion 3 and would therefore be easily accessible. If the persistent memory token 36 were able to perform the processing required to configure the communications channel 38 itself, or if the second configuration information does not comprise information required to configure the communications channel 38, then it is possible that the second configuration information CI2 is not read into the primary device 24 at all, but remains on the persistent memory token 36 for use internally. For the reasons above, it is further desirable that the persistent memory token 36 is kept in the token I/O unit 42 of the primary device 24.
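The token exchange and the bi-directional authentication discussed above, as an added simulation that is not part of the patent and not code from Toshiba or any product implementing it. It models the persistent memory token 36 as a record store, the primary device 24 writing CI1 (an identity, a secret key and the channel frequency) before the token is presented, the secondary device 34 reading CI1 and writing CI2 (its MAC address, its own secret key and capability information) into its own record, and the primary reading CI2 back once the token is returned. The HMAC challenge-response over channel 38, the record and field names, the link-key derivation, the constructed MAC address and the capability dictionary are all assumptions of this example; it also goes slightly beyond the text by adding a re-key routine for the suspected-eavesdropping case and a check that a device which never held the token cannot pass as the primary.

```python
import hashlib
import hmac
import secrets


def _tag(key, role, nonce):
    """HMAC proof-of-possession of a token-carried key (assumed construction)."""
    return hmac.new(key, role + b"|" + nonce, hashlib.sha256).digest()


class Token:
    """Persistent memory token 36: one record for CI1, one per secondary for CI2 (claim 14)."""
    def __init__(self):
        self.records = {}

    def write(self, name, data):
        self.records[name] = dict(data)

    def read(self, name):
        return dict(self.records[name])


class PrimaryDevice:
    """Primary device 24; its secret reaches the secondary only through the token."""
    def __init__(self, name, channel_freq_mhz):
        self.name = name
        self.channel_freq_mhz = channel_freq_mhz
        self.key = secrets.token_bytes(32)   # carried in CI1 (field names assumed)
        self.peers = {}                      # secondary MAC -> CI2 read from the token

    def write_ci1(self, token):
        # CI1 is written before the token is presented to the secondary (claim 13).
        token.write("CI1", {"primary_id": self.name, "key": self.key,
                            "channel_freq_mhz": self.channel_freq_mhz})

    def read_ci2(self, token, mac):
        # Step S7: once the token is returned, read that secondary's own record.
        self.peers[mac] = token.read(mac)

    def prove(self, nonce):
        return _tag(self.key, b"primary", nonce)

    def verify(self, mac, nonce, response):
        return hmac.compare_digest(_tag(self.peers[mac]["key"], b"secondary", nonce), response)


class SecondaryDevice:
    """Secondary device 34, e.g. a loudspeaker whose only config input is the token reader."""
    def __init__(self, mac, capabilities):
        self.mac = mac
        self.capabilities = capabilities
        self.key = secrets.token_bytes(32)   # carried in CI2
        self.ci1 = None

    def present_token(self, token):
        # Read CI1 in, then write CI2 out to this device's own record.
        self.ci1 = token.read("CI1")
        token.write(self.mac, {"mac": self.mac, "key": self.key,
                               "capabilities": self.capabilities})

    def prove(self, nonce):
        return _tag(self.key, b"secondary", nonce)

    def verify(self, nonce, response):
        return hmac.compare_digest(_tag(self.ci1["key"], b"primary", nonce), response)


def mutual_authenticate(primary, secondary):
    """Challenge-response over channel 38: each side proves it holds the secret the
    other obtained via the token, so a device that never held the token cannot pass
    as the primary (the man-in-the-middle case above) or as the secondary."""
    n_s = secrets.token_bytes(16)
    primary_ok = secondary.verify(n_s, primary.prove(n_s))
    n_p = secrets.token_bytes(16)
    secondary_ok = primary.verify(secondary.mac, n_p, secondary.prove(n_p))
    return primary_ok and secondary_ok


def enrol(primary, secondary, token):
    """Whole procedure: write CI1, carry the token to the secondary, return it,
    read CI2, authenticate, then configure channel 38 from both sets of information."""
    primary.write_ci1(token)
    secondary.present_token(token)
    primary.read_ci2(token, secondary.mac)
    if not mutual_authenticate(primary, secondary):
        return None
    ci2 = primary.peers[secondary.mac]
    # Per-link key from both token-carried secrets (assumption, not the patent's method).
    link_key = hmac.new(primary.key, b"link|" + ci2["key"], hashlib.sha256).digest()
    return {"channel_freq_mhz": secondary.ci1["channel_freq_mhz"], "peer": ci2["mac"],
            "capabilities": ci2["capabilities"], "link_key": link_key}


def rekey(primary, secondary, token):
    """Suspected eavesdropping on channel 38: rotate both secrets and redo the exchange."""
    primary.key = secrets.token_bytes(32)
    secondary.key = secrets.token_bytes(32)
    return enrol(primary, secondary, token)


def untrusted_primary_rejected(secondary):
    """A device that never held the token lacks the CI1 secret, so its proof fails."""
    impostor = PrimaryDevice("unknown", 0)
    n_s = secrets.token_bytes(16)
    return not secondary.verify(n_s, impostor.prove(n_s))
```

The point of the simulation is that the token is the only path by which either secret reaches the other device, so the over-the-air challenge-response binds the wireless peer to whoever physically held the token; the same `enrol` call re-run after `rekey` is the re-configuration the description allows when eavesdropping is suspected.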
Although the main embodiment described above incorporated a smart card as the persistent memory token 36, it will be appreciated that any other type of persistent memory token 36 may be used. For example, a swipe card could be used where the configuration information is stored on a magnetic strip that is read by a swipe card reader. A SIM-type persistent memory token 36 is equally suitable. It is of course not the case that in all embodiments the persistent memory token 36 is inserted into a holder forming part of the token I/O unit 42 or 48; if a contactless persistent memory token 36 is used then it would be sufficient to hold the token 36 close to the token I/O unit 42 or 48 for information transfer without actually inserting it or partially inserting it.

Claims (29)

  1. A method of configuring a wireless network using a persistent memory token associated with a primary device of the network, comprising presenting the token to a secondary device of the network, reading first configuration information stored on the token into the secondary device, writing second configuration information from the secondary device onto the token, returning the token to the primary device, and configuring a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
  2. A method as claimed in claim 1, wherein the wireless communications channel is configured in dependence upon the first and second configuration information.
  3. A method as claimed in claim 1 or 2, wherein the wireless network is a local area wireless network.
  4. A method as claimed in claim 1, 2 or 3, wherein the first configuration information comprises a cryptographic key for encrypting communications over the communications channel at least from the secondary device to the primary device.
  5. A method as claimed in any preceding claim, wherein the second configuration information comprises a cryptographic key for encrypting communications over the communications channel at least from the primary device to the secondary device.
  6. A method as claimed in claim 4 or 5, wherein the cryptographic key is a private encryption key.
  7. A method as claimed in any preceding claim, wherein the first configuration information comprises authentication information for authenticating the primary device over the communications channel.
  8. A method as claimed in any preceding claim, wherein at least one of the first and second configuration information comprises one or more configuration parameters required for establishing the communications channel.
  9. A method as claimed in any preceding claim, wherein the second configuration information comprises capability information identifying the physical capabilities of the secondary device.
  10. A method as claimed in any preceding claim, wherein the second configuration information comprises identification information for identifying the secondary device to the primary device.
  11. A method as claimed in any preceding claim, wherein the first configuration information comprises identification information for identifying the primary device to the secondary device.
  12. A method as claimed in claim 10 or 11, wherein the configuration information comprises the Media Access Control address of the device.
  13. A method as claimed in any preceding claim, wherein the first configuration information is written to the token by the primary device before the token is presented to the secondary device.
  14. A method as claimed in any preceding claim, wherein the second configuration information is stored in a record on the token associated with the secondary device, separate from other such records on the token.
  15. A method as claimed in any preceding claim, wherein the token is a smart card.
  16. A method as claimed in any one of claims 1 to 14, wherein the token is a Subscriber Identity Module.
  17. A method as claimed in any preceding claim, wherein the token comprises non-volatile memory for storing the configuration information.
  18. A method as claimed in any preceding claim, wherein the token is presented to the secondary device by inserting it into a token holder of the secondary device for a period during which the first configuration information is read into the secondary device and the second configuration information is written onto the token.
  19. A method as claimed in claim 18, wherein the end of the period is notified by a visible or audible signal.
  20. A method as claimed in any preceding claim, wherein the token is returned to the primary device by inserting it into a token holder of the primary device for safekeeping and to enable access by the primary device to at least the second configuration information stored on the token.
  21. A method as claimed in any preceding claim, further comprising reading the second configuration information from the token into the primary device.
  22. A method as claimed in any preceding claim, wherein, after the token is returned to the primary device, the token performs processing on behalf of the primary device during communication over the communications channel.
  23. A method as claimed in claim 22, when dependent on claim 5, wherein communications over the communications channel from the primary device to the secondary device are encrypted by the token.
  24. A wireless network comprising a primary device, a secondary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device of the network, means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, means for returning the token to the primary device, and means for configuring a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
  25. A secondary device for use in a wireless network having a primary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device and means for returning the token to the primary device, the secondary device comprising means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, and means for configuring, in cooperation with corresponding such means of the primary device, a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
  26. A device as claimed in claim 25, in which the reading means are the only means available for inputting configuration information to the secondary device.
  27. A device as claimed in claim 26, wherein the device is a loudspeaker for use in a home entertainment system.
  28. A primary device for use in a wireless network having a secondary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device of the network, means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, means for returning the token to the primary device, the primary device comprising means for configuring, in cooperation with corresponding such means of the secondary device, a wireless communications channel between the primary device and the secondary device in dependence upon at least one of the first and second configuration information.
  29. A method substantially as hereinbefore described with reference to Figures 2 to of the accompanying drawings.
  30. A wireless network substantially as hereinbefore described with reference to Figures 2 to 5 of the accompanying drawings.
  31. A primary device substantially as hereinbefore described with reference to Figures 2 to 5 of the accompanying drawings.
  32. A secondary device substantially as hereinbefore described with reference to Figures 2 to 5 of the accompanying drawings.
    Amendments to the claims have been filed as follows
    1. A method of configuring a wireless network using a single persistent memory token associated with a primary device of the network, comprising presenting the token to a secondary device of the network, reading first configuration information stored on the token into the secondary device, writing second configuration information from the secondary device onto the token, returning the token to the primary device, and using at least one of the first and second configuration information to configure a wireless communications channel between the primary device and the secondary device.
    2. A method as claimed in claim 1, comprising using the first and second configuration information to configure the wireless communications channel.
    3. A method as claimed in claim 1 or 2, wherein the wireless network is a local area wireless network.
    4. A method as claimed in claim 1, 2 or 3, wherein the first configuration information comprises a cryptographic key for encrypting communications over the communications channel at least from the secondary device to the primary device.
    5. A method as claimed in any preceding claim, wherein the second configuration information comprises a cryptographic key for encrypting communications over the communications channel at least from the primary device to the secondary device.
    6. A method as claimed in claim 4 or 5, wherein the cryptographic key is a private encryption key.
    7. A method as claimed in any preceding claim, wherein the first configuration information comprises authentication information for authenticating the primary device over the communications channel.
    17. A method as claimed in any preceding claim, wherein the token comprises non-volatile memory for storing the configuration information.
    18. A method as claimed in any preceding claim, wherein the token is presented to the secondary device by inserting it into a token holder of the secondary device for a period during which the first configuration information is read into the secondary device and the second configuration information is written onto the token.
    19. A method as claimed in claim 18, wherein the end of the period is notified by a visible or audible signal.
    20. A method as claimed in any preceding claim, wherein the token is returned to the primary device by inserting it into a token holder of the primary device for safekeeping and to enable access by the primary device to at least the second configuration information stored on the token.
    21. A method as claimed in any preceding claim, further comprising reading the second configuration information from the token into the primary device.
    22. A method as claimed in any preceding claim, wherein, after the token is returned to the primary device, the token performs processing on behalf of the primary device during communication over the communications channel.
    23. A method as claimed in claim 22, when dependent on claim 5, wherein communications over the communications channel from the primary device to the secondary device are encrypted by the token.
    24. A wireless network comprising a primary device, a secondary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device of the network, means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, means for returning the token to the primary device, and means for using at least one of the first and second configuration information to configure a wireless communications channel between the primary device and the secondary device.
    25. A secondary device for use in a wireless network having a primary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device and means for returning the token to the primary device, the secondary device comprising means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, and means for using at least one of the first and second configuration information to configure, in cooperation with corresponding such means of the primary device, a wireless communications channel between the primary device and the secondary device.
    26. A device as claimed in claim 25, in which the reading means are the only means available for inputting configuration information to the secondary device.
    27. A device as claimed in claim 26, wherein the device is a loudspeaker for use in a home entertainment system.
    28. A primary device for use in a wireless network having a secondary device, a persistent memory token associated with the primary device, means for presenting the token to the secondary device of the network, means for reading first configuration information stored on the token into the secondary device, means for writing second configuration information from the secondary device onto the token, means for returning the token to the primary device, the primary device comprising means for using at least one of the first and second configuration information to configure, in cooperation with corresponding such means of the secondary device, a wireless communications channel between the primary device and the secondary device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0326507A GB2408181B (en) 2003-11-13 2003-11-13 Wireless network

Publications (3)

Publication Number Publication Date
GB0326507D0 GB0326507D0 (en) 2003-12-17
GB2408181A true GB2408181A (en) 2005-05-18
GB2408181B GB2408181B (en) 2005-10-19

Family

ID=29726499

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0326507A Expired - Fee Related GB2408181B (en) 2003-11-13 2003-11-13 Wireless network

Country Status (1)

Country Link
GB (1) GB2408181B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2270446A (en) * 1992-09-04 1994-03-09 Ibm Uk Establishing a common cryptographic key at two cryptographic sites
JP2002281040A (en) * 2001-03-19 2002-09-27 Sony Corp Network system, router, terminal equipment, communication method, its program and recording medium
WO2003047173A1 (en) * 2001-11-27 2003-06-05 Sony Corporation Communication device and method
WO2003092222A1 (en) * 2002-04-25 2003-11-06 Sony Corporation Communication system, information processing device, and method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006136969A1 (en) * 2005-06-20 2006-12-28 Koninklijke Philips Electronics N.V. System comprising a first device and a second device
FR2895857A1 (en) * 2005-12-29 2007-07-06 Pereira Jose Puga SYSTEM, PORTABLE DEVICE AND METHOD FOR CONFIGURING A COMMUNICATOR DEVICE IN A NETWORK
FR2895816A1 (en) * 2005-12-29 2007-07-06 Pereira Jose Puga Communication device e.g. television, configuring method for e.g. Internet network, involves executing automatic configuration program of communication devices based on configuration parameters list downloaded towards data storage device
US8190127B2 (en) 2006-03-16 2012-05-29 British Telecommunications Plc Methods, apparatuses and software for authentication of devices temporarily provided with a SIM to store a challenge-response
WO2009122151A1 (en) * 2008-03-31 2009-10-08 British Telecommunications Public Limited Company Method of installing a wireless network
US8458448B2 (en) 2008-03-31 2013-06-04 British Telecommunications Public Limited Company Method of installing a wireless network

Also Published As

Publication number Publication date
GB2408181B (en) 2005-10-19
GB0326507D0 (en) 2003-12-17

Similar Documents

Publication Publication Date Title
US7912224B2 (en) Wireless network system and communication method for external device to temporarily access wireless network
ES2263474T3 (en) METHOD AND APPARATUS FOR INITIALIZING SECURE COMMUNICATIONS BETWEEN WIRELESS DEVICES AND TO PAIR THEM EXCLUSIVELY.
US7409552B2 (en) Method for securing communications between a terminal and an additional user equipment
ES2219032T3 (en) ESTABLISHMENT OF AN INSURED SESSION CONNECTION THROUGH THE WIRELESS APPLICATION PROTOCOL (WAP).
US7948925B2 (en) Communication device and communication method
US8532295B2 (en) Method for the secure loading in a NFC chipset of data allowing access to a service
US8107630B2 (en) Apparatus and method for managing stations associated with WPA-PSK wireless network
US6772331B1 (en) Method and apparatus for exclusively pairing wireless devices
JP5120417B2 (en) COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION SYSTEM
US8320905B2 (en) Method for exchanging data between a mobile telephone and a fixed line telephone
JP2006067174A (en) Control program, communication relay device control method, and communication relay device and system
CN103001940A (en) Techniques for setting up secure local password by means of WTRU (Wireless Transmit Receive Unit)
US20100161982A1 (en) Home network system
JP3350012B2 (en) Mobile terminal authentication method
JP4506999B2 (en) Wireless LAN system
GB2408181A (en) Configuring a wireless connection using a physical token containing two sets of configuration information
JP2004535627A (en) Secure remote subscription module access
JP3851781B2 (en) Wireless communication apparatus, wireless communication system, and connection authentication method
GB2407938A (en) Set-up of wireless network using mains electrical circuit
KR20190047557A (en) Earphone Device for Providing OTP by using Asynchronous Local Area Radio Communication
JP2009118231A (en) Information relay system and communication terminal
JP2009118232A (en) Information relay system and communication terminal
JP2002335578A (en) Communication system and method for transferring right to utilize communication path

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20121113