WO2001072012A2 - System and method for security and authentication on a communications channel

Info

Publication number
WO2001072012A2
Authority
WO
WIPO (PCT)
Prior art keywords
authentication value
authentication
storage device
arrangement
input
Prior art date
Application number
PCT/US2001/009296
Other languages
English (en)
Other versions
WO2001072012A3 (fr)
Inventor
Stephen R. Hanna
Erik A. Guttman
Radia L. Perlman
Joseph E. Provino
Original Assignee
Sun Microsystems, Inc.
Priority date
Filing date
Publication date
Application filed by Sun Microsystems, Inc.
Priority to AU2001249374A
Publication of WO2001072012A2
Publication of WO2001072012A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the invention relates generally to the field of digital communications, and more specifically to systems and methods for inexpensively facilitating security and authentication in connection with communications among devices in a network.
  • a remote control system has been developed primarily for household use, including switching devices and remote control devices which can facilitate turning electrical devices such as lamps and appliances on and off remotely.
  • a switching device is plugged into an electrical outlet and the lamp or appliance to be controlled is plugged into the switching device.
  • a device controller is also plugged into a wall outlet and may be manipulated by an operator, enabled by an internal clock at selected times, or the like, to transmit a message through the wiring to the switching device to enable the switch to open or close.
  • the lamp's or appliance's own switch is normally maintained in a continually closed condition, in which case the system's switching device controls the on or off condition of the lamp or appliance.
  • multiple switching devices can be controlled from a single remote control device by providing each switching device with a device address, and messages provided by the remote control device would include the device address of the switching device whose switch was to open or close.
  • the system also accommodates use in multiple households by providing for a "household address" which is also transmitted with each message; if the household addresses differ as among proximate households, a plurality of households can use the system concurrently.
  • Remote control systems such as those described above generally provide a simple and effective arrangement for controlling simple devices, such as the simple on/off switching devices as described above.
  • communications are generally relatively insecure. While that may not be a significant problem in connection with, for example, control of lamps (although it may be desirable to prevent unauthorized remote control of even lamps for a number of reasons), it is preferable to provide a degree of security in connection with remote control of a number of types of devices, such as, for example, household security systems.
  • secure communications is very desirable in connection with communications facilitating remote control of devices in office or industrial environments.
  • a problem is privacy, so that, if information to be transferred from a source device to a destination device over the communication channel is intercepted by a third device, the intercepting device cannot determine what the actual information is.
  • a second problem is tamper detection, so that, if information transferred from the source device to the destination device has been intercepted and tampered with by a third device, the tampering can be detected.
  • a final problem is to ensure that information received by the destination device is "authentic," that is, that, if the information indicates that it has been transmitted by the source device, it (that is, the information) has actually been transmitted by the source device and not by a third device.
  • the invention provides a new and improved system and method for inexpensively facilitating security and authentication in connection with communications among devices in a network.
  • the invention provides an inexpensive arrangement for providing an authentication value, which is associated with a controllable device, to a device controller which can control the device over a communication link using a selected communication methodology that facilitates authentication of messages transmitted therebetween. Message authentication is facilitated by the authentication value associated with the device.
  • the arrangement includes an authentication value storage device and, in connection with the device controller, an authentication value input.
  • the authentication value storage device is configured to store the authentication value separate and apart from the device.
  • the authentication value input is configured to receive the authentication value and facilitate use by the device controller in connection with communications with the device.
  • a number of illustrative authentication value storage devices and corresponding authentication value inputs are described herein including tamper evident forms on which the authentication value is printed in alphanumeric, bar code or other appropriate forms and in those cases the authentication value input is in the form of a keypad which an operator can use to input the authentication value, a bar code reader for reading the bar code, or the like.
  • Other illustrative authentication value storage devices include, for example, smart or other cards in which the authentication value is stored in electronic, magnetic or other form, and the authentication value input is in the form of a smart card reader, magnetic strip reader or the like for retrieving the authentication value from the storage device.
  • Authentication values can also be stored in, for example, an external database and retrieved over a network.
  • FIG. 1 schematically depicts a system 10 for inexpensively facilitating security and authentication in connection with communications among devices in a network, constructed in accordance with the invention.
  • FIG. 2 is a flow chart depicting operations performed by the system 10 in connection with the invention.
  • FIG. 1 schematically depicts an illustrative system 10 for inexpensively facilitating security and authentication in connection with communications among devices in a network, constructed in accordance with the invention.
  • the system 10 includes a plurality of devices 11(1) through 11(N) (generally identified by reference numeral 11(n)) and a device controller 12, all interconnected by a communications arrangement 13.
  • the devices 11(n) are all of a type which are controllable by information provided by the device controller 12.
  • System 10 may be used in a variety of environments, including household environments, office environments, industrial environments and the like to facilitate control of a variety of apparatus normally found in the respective environments.
  • devices 11(n) may control, for example, lamps, appliances, entertainment systems, heating and cooling systems, security systems, communication systems, transport systems, or any other device, apparatus, or system, however configured, that may be controlled directly or indirectly, with each apparatus controlled by a respective device 11(n) being identified by reference numeral 14(n).
  • the devices 11(n) may, under control of the device controller 12, control the on or off condition of the lamps and their illumination levels.
  • the devices 11(n) may, under control of the device controller 12, control the on or off condition of the respective system components, the programming to be played or recorded, the display brightness and sound volume during play, or other controllable functions.
  • the devices 11(n) may, under control of the device controller 12, adjust the amount of heating or cooling provided in relation to interior and exterior temperature, the level of insolation of the household, the time of day, the presence of household members in particular rooms and the like.
  • some heating and cooling systems also include humidification control apparatus, and for such systems, the devices can provide for adjustment of the humidity level in the household, typically providing for an increase in the humidity level while heating and a reduction in the humidity level during cooling.
  • ones of devices 11(n) may also connect to sensors (also not separately shown) for sensing the interior and exterior temperature, humidity level, insolation levels, and other information used by the device controller 12 in determining how to control the devices 11(n) to provide desired levels of heating, cooling and humidity, and, on request from the device controller 12, transmit the information to the device controller 12.
  • the devices 11(n) may, under control of the device controller, control the interior temperature of refrigeration and freezing compartments of refrigerators (not separately shown), turn a cooking oven (also not shown) on and off at particular times, and control the interior temperature to provide for unattended cooking, and the like.
  • ones of devices 11(n) may also connect to sensors (also not separately shown) for sensing the interior temperature of the refrigerator compartments, oven and the like, and other information used by the device controller 12 in determining how to control the devices 11(n) to provide desired levels of heating and cooling and, on request from the device controller 12, transmit the information to the device controller 12.
  • the devices 11(n) may, for example, lock and unlock and open and close doors and windows, arm or disarm the system at particular times, control sensors and security cameras, actuate alarms, initiate calls to the police or a central monitoring office, and the like.
  • devices 11(n) under control of the device controller 12 can, in connection with outgoing calls, operate to dial a telephone, adjust the handset or speaker volume, control playback of previously-recorded messages, and the like, and, in connection with incoming calls, answer the call, record a message for later retrieval and the like.
  • devices 11(n), under control of the device controller 12, can control movement of the wheelchairs, elevators and the like.
  • An office or industrial environment may include many types of controllable systems similar to those described above in connection with a household environment.
  • such environments can include, for example, robotic systems, automatic loading and unloading systems such as fork lifts, conveyor systems, industrial process systems and the like, all of which can be controlled by devices 11(n) remotely under control of a device controller 12.
  • the communication arrangement 13 may be any type of arrangement or collection of arrangements for efficiently transferring information between the device controller 12, on the one hand, and the devices 11(n), on the other hand.
  • Illustrative arrangements include, for example, household wiring, local area network arrangements such as an Ethernet, electromagnetic links such as radio transmission, infrared links or the like.
  • the devices 11(n) and device controller 12 communicate by means of messages transmitted over the communication arrangement 13.
  • the device controller 12 can transmit control messages to the devices 11(n) to enable them to actuate and otherwise control the household, office or industrial systems to be controlled by system 10.
  • the device controller 12 can transmit messages to those devices 11(n) to enable them to transmit the information to the device controller 12; those devices 11(n), in turn, transmit information to the device controller 12 in messages over the communication arrangement 13.
  • the invention provides an inexpensive arrangement by which the devices 11(n) and device controller 12 can at least authenticate messages transmitted therebetween.
  • the invention provides a number of mechanisms by which the device controller 12 and each device 11(n) can inexpensively establish a shared secret, in the form of an authentication value, between them, which can be used in authentication of messages transmitted therebetween, while reducing the likelihood that a third party will intercept the authentication value or, if a third party does intercept the authentication value, increasing the likelihood that such interception will be evident to an entity which maintains one or both of the device controller 12 and device 11(n).
  • an authentication value is stored on the device 11(n), which the device 11(n) can use in generating messages which the device 11(n) transmits to the device controller 12.
  • the invention provides several arrangements whereby the device controller 12 is notified of the authentication value, which the device controller 12 can use in authenticating messages received from the device 11(n), and which the device controller 12 can further use in generating messages which the device controller 12 transmits to the device 11(n).
  • the device 11(n), after it receives a message from the device controller 12, can also use the authentication value in authenticating the received message.
  • the device 11(n) can use a hash function to generate a hash value from the information to be transmitted and the authentication value, and include that hash value in the message.
  • the device 11(n) can apply the same hash function to the information in a received message and the authentication value to generate a hash value, which it compares to the hash value in the message. If the generated hash value corresponds to the hash value in the message, the device 11(n) can determine that the message is authentic and that it is unlikely to have been tampered with.
  • the device controller 12 can perform similar operations in connection with messages to be transmitted to the device 11(n) and in connection with authenticating messages received from the device 11(n).
  • the authentication value need not be a globally unique value, but it is preferably one of a large enough number of possible values that it is unlikely that someone will be able to guess the value within a reasonable amount of time. Since the authentication values are used to authenticate messages transmitted between the device controller 12 and respective devices 11(n), but not as addresses for the devices 11(n), it is not necessary to have different authentication values for different devices 11(n) in the system 10.
  • the invention provides mechanisms by which the device controller 12 and each device 11(n) can inexpensively establish the authentication value between them, while reducing the likelihood that a third party will intercept the authentication value or, if a third party does intercept the authentication value, increasing the likelihood that such interception will be evident to an entity which maintains one or both of the device controller 12 and device 11(n). Since, as noted above, the authentication value is generally stored on the respective device 11(n) during the manufacturing process, it will be necessary to notify the device controller 12 of the authentication value for the respective device.
  • the authentication value is also provided to, for example, the purchaser of the device 11(n) when the device is purchased, in a manner such that the authentication value will not be revealed to another or, if it is, the fact that it has been revealed to another will be evident.
  • the authentication value can be provided on or in a carrier device 15 that has been sealed in tamper-evident packaging 16, that is, packaging for which, if the packaging 16 is opened or otherwise tampered with, the tampering will be apparent.
  • the authentication value carrier device 15 may comprise a printed form, and in that case the device controller 12 is provided with a keypad which the purchaser can use to input the authentication value after unsealing the form.
  • the authentication value can also be printed in barcode form on a tamper-evident sealed form, and in that case the device controller 12 can be provided with a barcode reader to read the barcode after the operator unseals the form.
  • the authentication value can be stored in electronic, magnetic or optical form on an authentication value carrier device 15 in the form of a storage or memory card, smart card or similar device, and in that case the device controller 12 can be provided with or communicatively coupled to a storage card reader to read the storage card or a smart card reader to read the smart card.
  • the storage or smart card will be packaged in tamper-evident packaging. If a smart card is used, instead of or in addition to use of tamper-evident packaging, the smart card can also be programmed to provide the authentication value only once; in that case, a previous retrieval of the authentication value will be evident and any subsequent attempts to obtain the authentication value will be refused.
  • the storage or smart card may also be used as the authentication value store for the device 11(n), and can be plugged into an appropriate receptacle on the device 11(n) for use by the device 11(n) after the authentication value has been provided to the device controller 12.
  • the device 11(n) can transmit the authentication value over a dedicated wire or an infrared link, which may also be used as part of the communication arrangement 13. If an infrared link is used, the purchaser can hold an infrared transmitter on the device 11(n) proximate an infrared receiver on the device controller 12 while the device 11(n) communicates the authentication value to the device controller 12; during that operation, the space between the transmitter and receiver can be shielded from prying by third parties.
  • the operation of providing the device controller 12 with the authentication value for a device 11(n) as described above can occur during, for example, a set-up procedure during which information such as the fact that a new device 11(n) is being added to the system 10 is provided to the device controller 12, and information as to the nature and capabilities of device 11(n) can be provided to the device controller 12.
  • communication protocol information useful in identifying the communication protocol which is used by the device 11(n) can also be provided to the device controller 12.
  • the device controller 12 can be provided with an address in the system 10 that will be used in addressing messages transmitted to the device 11(n), and if necessary the device 11(n) is notified of an address of device controller 12 which the device 11(n) can use in addressing messages transmitted to the device controller 12.
  • the information may be provided during the set-up procedure directly by the device 11(n), or it can be determined by device controller 12 from an internal database which it maintains. Alternatively, the information can be determined by the device controller from an external database over, for example, an external communication link which may include, for example, a public network such as the Internet, the public switched telephony network (PSTN), a cable connection, a private network, or any other data communication arrangement which will enable the device controller 12 to download information from the external database. If the device controller 12 is so connected to an external communication link, the authentication value can also be retrieved by the device controller 12.
  • PSTN: public switched telephony network
  • the authentication value can be provided in encrypted form, using a public encryption key maintained for the device controller 12; after the device controller 12 receives the encrypted authentication value, it can decrypt it using a private decryption key associated with its public encryption key.
  • the device controller 12 can use, as an identifier for the device 11(n) whose authentication value is to be retrieved, a unique identifier such as a combination of information such as a manufacturer identifier, model number, a serial number, date of manufacture, and the like, and a secret pass code that allows the device controller to retrieve the authentication value.
  • the external database can be configured to provide the authentication value only once; in that case, a previous retrieval of the authentication value will be evident and any subsequent attempts to obtain the authentication value will be refused.
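The one-time release rule described for the smart card and again for the external database above is the same mechanism: the first retrieval succeeds, every later one is refused, and the refusal is what makes an earlier interception evident to the purchaser. The following is an added example written for this page, not code from the patent or from Sun Microsystems, that models that source of authentication values. The identifier fields (manufacturer id, model number, serial number), the pass code handling with a salted PBKDF2 hash, the audit trail and all class and method names are assumptions of the example; the public-key encryption of the value in transit that the text also mentions is not modelled.

```python
"""Added example (not from the patent): an authentication value source that
releases each device's value exactly once, so that a later legitimate request
is refused and the earlier retrieval becomes evident."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DeviceId = Tuple[str, str, str]  # (manufacturer id, model number, serial number): assumed layout


@dataclass
class _Record:
    auth_value: bytes
    salt: bytes
    pass_code_hash: bytes
    retrieved: bool = False
    refused_after_retrieval: int = 0


def _hash_pass_code(salt: bytes, pass_code: str) -> bytes:
    # Store only a salted slow hash of the pass code, never the pass code itself.
    return hashlib.pbkdf2_hmac("sha256", pass_code.encode(), salt, 50_000)


class OneTimeAuthValueStore:
    """Releases each device's authentication value at most once (assumed design)."""

    def __init__(self) -> None:
        self._records: Dict[DeviceId, _Record] = {}
        self.audit: List[Tuple[str, DeviceId]] = []

    def register(self, device_id: DeviceId, pass_code: str,
                 auth_value: Optional[bytes] = None) -> bytes:
        """Manufacturer side: record the value programmed into the device
        together with the pass code handed to the purchaser."""
        value = auth_value if auth_value is not None else secrets.token_bytes(16)
        salt = secrets.token_bytes(16)
        self._records[device_id] = _Record(value, salt, _hash_pass_code(salt, pass_code))
        return value

    def retrieve(self, device_id: DeviceId, pass_code: str) -> Optional[bytes]:
        """Device controller side: identifier plus pass code unlocks the value
        once; every later attempt is refused and recorded."""
        rec = self._records.get(device_id)
        if rec is None:
            self.audit.append(("unknown device", device_id))
            return None
        # Constant-time comparison of the pass code hashes.
        if not hmac.compare_digest(rec.pass_code_hash, _hash_pass_code(rec.salt, pass_code)):
            self.audit.append(("bad pass code", device_id))
            return None
        if rec.retrieved:
            rec.refused_after_retrieval += 1
            self.audit.append(("refused: already retrieved", device_id))
            return None
        rec.retrieved = True
        self.audit.append(("released", device_id))
        return rec.auth_value

    def was_retrieved(self, device_id: DeviceId) -> bool:
        """Evidence check: True once the value has been handed out."""
        rec = self._records.get(device_id)
        return rec is not None and rec.retrieved


if __name__ == "__main__":
    store = OneTimeAuthValueStore()
    dev: DeviceId = ("ACME", "LAMP-01", "SN-0001")   # constructed sample identifier
    programmed = store.register(dev, "pass-1234")    # constructed sample pass code
    print(store.retrieve(dev, "pass-1234") == programmed)  # first retrieval succeeds
    print(store.retrieve(dev, "pass-1234"))                # None: refused thereafter
    print(store.audit)
```

A purchaser whose first legitimate retrieval comes back refused, or who sees `was_retrieved` already true, knows the value was taken earlier and should treat the device as compromised rather than install it; the audit list is what the operator of the database would consult to see when that happened.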
  • the device controller 12 and devices 11(n) will be described in more detail in connection with FIG. 1.
  • the device controller 12 includes an authentication value database 20, a control program store 21, a device control information database 22, a communication interface 23, an authentication value input interface 24, and an operator terminal 25, all under control of a control module 26.
  • the device controller 12 is also provided with an external communications link connection, identified by reference numeral 27, which may be a connection to the external communication link as described above.
  • the communication interface 23 connects to the communication arrangement 13 and transmits messages to devices 11(n) thereover to facilitate control of the respective devices.
  • the communication interface 23, over communication arrangement 13, also receives messages from devices 11(n) containing, for example, status information relating to the operation of the devices 11(n) or the respective device controlled thereby.
  • the operator terminal 25 provides an interface, such as a keypad, through which an operator, such as a purchaser, owner, or other authorized individual or entity, can input information to the device controller 12 to facilitate control of the system 10. For example, an operator can use the operator terminal 25 to turn the device controller 12 on and off, and to notify the device controller 12 when a device 11(n) is added to the system 10 or removed from the system 10. In addition, the operator can use the operator terminal 25 to input and modify operational parameters which the device controller 12 can use in controlling the devices 11(n).
  • the external communications link connection 27 enables the device controller to communicate over an external communication link 30 to upload information to an external information user 31 and/or to download information from an external database 32.
  • Uploaded information may, if the device controller 12 is illustratively used in connection with a security system, include information as to the status of the security system, such as its maintenance status, alarm status, and the like, which may, for example, be used in scheduling system maintenance, reporting that an alarm has been triggered, and so forth.
  • Downloaded information may include, for example, device characteristics of a device 11(n), the authentication value for the device 11(n), and any other information that the external database 32 may contain for the device 11(n) and which the device controller 12 requests to be downloaded.
  • the authentication value input interface 24 provides an interface through which authentication values for the respective devices can be provided to the device controller 12.
  • illustrative authentication value input interfaces 24 include, for example, barcode readers, smart card readers, dedicated wires, infrared ports and the like which can, in the case of barcode or smart card readers, read bar codes or smart cards and, in the case of infrared ports, receive information transmitted over infrared beams, thereby to accommodate provision of authentication values to the device controller using barcodes, smart cards, dedicated wires, and infrared transmission.
  • if an operator is to enter an authentication value for a device 11(n) manually, which may be the case if, for example, the authentication value is provided in textual form on a sealed paper, he or she may enter the authentication value using the operator interface 25.
  • the authentication database 20 stores authentication values that have been provided to the device controller 12, either through the authentication value input interface 24, operator interface 25, or the external communications link connection 27.
  • the authentication database 20 can store the authentication values in either plaintext form or encrypted form.
  • the control module 26 controls the device controller 12 and generates messages for transmission to the devices 11(n) under control of a control program stored in the control program store 21 and information in the device control information database 22.
  • the device control information database 22 stores information for each device 11(n) connected in the system 10, which may include, for example, device characteristic information identifying the type of device 11(n), characteristics of the apparatus controlled by the device 11(n), communication parameters and protocol information, and other information that the device controller 12 may find useful in communicating with and otherwise controlling the device 11(n).
  • the device control information stored in database 22 includes apparatus control information that indicates, for example, when to enable the device 11(n) that controls the respective apparatus to turn the apparatus on or off, settings to be used when the apparatus is on, and so forth.
  • the device characteristic information stored in the device control information database 22 may be provided when the device controller 12 is manufactured. Alternatively or in addition, device characteristic information stored in the device control information database 22 may be provided by the operator or device 11(n) during the set-up procedure, or it may be retrieved from the external database 32 during the set-up procedure or on a periodic basis.
  • portions of the control program stored in the control program store 21 that are specific to a particular type of device 11(n), or device controlled by device 11(n), may be similarly provided or retrieved during the set-up procedure or periodically thereafter.
  • initial apparatus control information may be stored in the device control information database 22 during the set-up procedure, and may be updated by the operator as appropriate thereafter when the operator wishes to change when the system turns the apparatus on or off, settings to be used when the apparatus is on, and so forth.
  • each device 11(n) includes an authentication value store 30, a communication interface 31, an apparatus interface 32 and a control module 33.
  • the communication interface 31 connects to the communication arrangement 13 and receives messages transmitted thereto by device controller 12 to facilitate control of the device 11(n).
  • the communication interface 31, over communication arrangement 13, also transmits messages to device controller 12 containing, for example, status information relating to the operation of the device 11(n) or the respective apparatus controlled thereby.
  • the authentication value store 30 stores the authentication value that is associated with the device 11(n).
  • the authentication value store 30 may be any of a number of types of components, including any component for storing digital data in a non-volatile manner, such as a built-in read-only memory, flash memory, or electrically-erasable programmable read-only memory.
  • the authentication value store 30 may comprise a smart card removably mounted in a socket; in that case, the smart card 30 may be removed from the device 11(n) and used during the set-up procedure to provide the authentication value to the device controller 12 and thereafter re-inserted in the socket.
  • the control module 33 controls the device 11(n). In that operation, the control module 33, in response to authenticated messages from the device controller 12, can enable the apparatus interface to generate control signals for controlling the operation of the apparatus and/or to determine the status condition of the apparatus and generate status messages for transmission through the communication interface 31 and over the communication arrangement 13 to the device controller 12.
  • In generating messages for transmission to a device 11(n), the device controller 12, and in particular its control module 26, generates a hash value from the information to be transmitted in the message and the authentication value for the device 11(n) as stored in authentication value database 20.
  • After the message is received, the device 11(n), and in particular its control module 33, can generate a hash value in the same way, using the information and the authentication value it has stored in its authentication value store 30, and compare the hash value in the message to the hash value it has generated, thereby authenticating the message. If the control module 33 determines that the hash value in the message corresponds to the generated hash value, then the control module 33 will utilize the message in its operations.
  • If the control module 33 determines that the hash value in the message does not correspond to the generated hash value, then the control module 33 will ignore the message. In addition, the control module 33 may notify the device controller 12 that it has received a message whose hash value did not correspond to the generated hash value.
  • In generating messages for transmission to the device controller 12, the device 11(n), and in particular its control module 33, generates a hash value from the information to be transmitted in the message and the authentication value for the device 11(n) as stored in its authentication value store 30.
  • After the message is received, the device controller 12, and in particular its control module 26, can generate a hash value in the same way, using the information and the authentication value for the device 11(n) as stored in the authentication value database 20, and compare the hash value in the message to the generated hash value, thereby authenticating the message. If the control module 26 determines that the hash value in the message corresponds to the generated hash value, then the control module 26 will utilize the message in its operations.
  • If the control module 26 determines that the hash value in the message does not correspond to the generated hash value, then the control module 26 will ignore the message. In addition, the control module 26 may log the fact that it has received a message whose hash value did not correspond to the generated hash value.
  • Portions of the messages transmitted by both the device 11(n) and device controller 12, including the hash value, may be in encrypted form to provide a degree of privacy.
  • The control module 33 or 26 of the device 11(n) or device controller 12 which generates the message will encrypt the portions to be encrypted using either the symmetric key or the public encryption key of the device 11(n) or device controller 12 that is to receive the message.
  • The control module 26 or 33 of the device controller 12 or device 11(n) which receives the message can use its symmetric key or private decryption key to decrypt the encrypted portions of the message for use in the comparison.
  • The symmetric keys or public encryption keys may be provided by the device 11(n) and device controller 12 to each other during the set-up procedure and, if symmetric key encryption is to be used, some or all of the authentication value itself may comprise the symmetric key.
  • The operator may perform selected operations in connection with the device 11(n), including, for example, refusing to purchase the device 11(n) associated therewith if it has not been purchased, or returning it, discarding it, or other operations.
  • Alternatively, he or she may utilize the device 11(n) in the system 10 with knowledge that the packaging has been tampered with. Similar operations may be performed if, for example, the authentication value is retrieved from an external database 52.
  • FIG. 2 is a flow chart depicting operations performed by the system 10 in connection with the invention, in particular in connection with an embodiment in which the authentication value carrier device 15 is a printed form and the operator is to enter the authentication value using an operator terminal in the form of a keyboard. Operations performed in which another form of authentication value carrier device 15 is used will be evident to those skilled in the art. The operations depicted in FIG. 2 will be apparent to those skilled in the art from the above description, and so FIG. 2 will not be further described herein.
  • The invention provides a number of advantages.
  • The invention provides an inexpensive mechanism by which one device, such as a device controller 12, can be provided with a secret authentication value associated with another device, such as a device 11(n) to be controlled by the device controller, for use in authenticating communications therebetween.
  • Although the operator terminal 25 has been described as including a mechanism, such as a keypad, which an operator may use to input information to the device controller 12, it will be appreciated that other types of mechanisms may be used.
  • The operator terminal 25 can also include a display for displaying information to the operator.
  • The displayed information may include the information input by the operator to the device interface 12, thereby providing visual feedback to the operator of the information that the operator is inputting.
  • The information may also include status information indicating the status condition of the device controller 12, the various devices 11(n), the apparatus controlled by the devices 11(n), and the like.
  • The device controller 12 can periodically update the authentication value to ensure against tampering. In that case, the device controller 12 can transmit an authentication value update message to the device 11(n) including an updated authentication value. It will be appreciated that the updated authentication value in the message is preferably in encrypted form to protect against interception by third parties.
  • Although the operator terminal 25 is depicted as forming part of the device controller 12, it will be appreciated that, instead or in addition, an operator terminal (not shown) may be remote from the device controller 12 and communicate with the device controller over a communication link (not shown).
  • A remote operator terminal may comprise, for example, a personal computer (not shown) which can communicate with the device controller 12 to facilitate operations such as those described above in connection with operator terminal 25.
  • The device controller 12 and remote operator terminal can use conventional authentication mechanisms such as passwords to provide authentication for messages transmitted during a session.
  • Communications between the device controller 12 and the remote operator terminal may be encrypted using any encryption methodology.
  • The authentication value input interface 24 may form part of the device controller 12, or it may be remote therefrom and in communication therewith to facilitate providing the authentication value thereto.
  • A system in accordance with the invention can be constructed in whole or in part from special purpose hardware or a general purpose computer system, or any combination thereof, any portion of which may be controlled by a suitable program.
  • Any program may in whole or in part comprise part of or be stored on the system in a conventional manner, or it may in whole or in part be provided to the system over a network or other mechanism for transferring information in a conventional manner.
  • The system may be operated and/or otherwise controlled by means of information provided by an operator using operator input elements (not shown) which may be connected directly to the system or which may transfer the information to the system over a network or other mechanism for transferring information in a conventional manner.
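The hash-and-compare procedure between device controller 12 and device 11(n), together with the periodic authentication value update, can be exercised end to end with the following added example. This is illustrative code written for this page, not code from the patent or from Sun Microsystems. The patent does not fix the hash construction, the message format or the update marker, so these are assumptions: the hash "for the information and the authentication value" is modelled as HMAC-SHA256 keyed with the authentication value, a message is a dict of the information bytes and a hex hash, and the `UPDATE:` prefix is a hypothetical marker. The optional encrypted portions are omitted because the Python standard library has no block cipher, so the update message here carries the new value in the clear, which the patent text says is not the preferred form.

```python
"""Shared-authentication-value message authentication between a device
controller and a controlled device (added example, not the patent's code).

Assumptions, none fixed by the patent:
  * hash value = HMAC-SHA256 keyed with the authentication value;
  * message = {"info": bytes, "hash": hex str};
  * UPDATE_PREFIX is a hypothetical marker for authentication value updates;
  * encrypted message portions are omitted (no block cipher in stdlib).
"""
import hashlib
import hmac

UPDATE_PREFIX = b"UPDATE:"  # hypothetical marker, not from the patent


def compute_hash(auth_value: bytes, info: bytes) -> str:
    """Hash value over the message information, keyed by the authentication value."""
    return hmac.new(auth_value, info, hashlib.sha256).hexdigest()


def build_message(auth_value: bytes, info: bytes) -> dict:
    return {"info": info, "hash": compute_hash(auth_value, info)}


def message_is_authentic(auth_value: bytes, message: dict) -> bool:
    """Recompute the hash from the received information and compare it.

    compare_digest runs in constant time, so a forger learns nothing from
    how many leading characters of a guessed hash happened to match.
    """
    expected = compute_hash(auth_value, message["info"])
    return hmac.compare_digest(expected, message["hash"])


class DeviceController:
    """Holds the authentication value database 20 (one value per device)."""

    def __init__(self):
        self.auth_db = {}
        self.log = []  # control module 26 logs hash mismatches

    def register(self, device_id: str, auth_value: bytes) -> None:
        """Value obtained during the set-up procedure (form, card, database)."""
        self.auth_db[device_id] = auth_value

    def send(self, device_id: str, info: bytes) -> dict:
        return build_message(self.auth_db[device_id], info)

    def receive(self, device_id: str, message: dict):
        if message_is_authentic(self.auth_db[device_id], message):
            return message["info"]
        self.log.append(("bad-hash", device_id))
        return None  # mismatch: the message is ignored

    def make_update(self, device_id: str, new_value: bytes) -> dict:
        """Update message authenticated under the current value; the
        controller switches to the new value as soon as it is sent."""
        message = self.send(device_id, UPDATE_PREFIX + new_value)
        self.auth_db[device_id] = new_value
        return message


class Device:
    """A controlled device with its authentication value store 30."""

    def __init__(self, auth_value: bytes):
        self.auth_store = auth_value
        self.notifications = []  # control module 33 may notify the controller

    def send(self, info: bytes) -> dict:
        return build_message(self.auth_store, info)

    def receive(self, message: dict):
        if not message_is_authentic(self.auth_store, message):
            self.notifications.append("bad-hash")
            return None  # mismatch: the message is ignored
        info = message["info"]
        if info.startswith(UPDATE_PREFIX):
            self.auth_store = info[len(UPDATE_PREFIX):]
            return b"auth value updated"
        return info


def demo(auth_value: bytes = b"constructed-authentication-value") -> dict:
    """Both directions, an altered message, a forged message, and an update."""
    ctl = DeviceController()
    ctl.register("dev1", auth_value)
    dev = Device(auth_value)

    accepted = dev.receive(ctl.send("dev1", b"SET_LIGHT ON"))
    # information altered in transit: the hash no longer matches and the
    # device cannot be made to act on it without the authentication value
    tampered = ctl.send("dev1", b"SET_LIGHT ON")
    tampered["info"] = b"SET_LIGHT OFF"
    rejected = dev.receive(tampered)

    status = ctl.receive("dev1", dev.send(b"STATUS OK"))
    forged = ctl.receive("dev1", build_message(b"wrong-value", b"STATUS OK"))

    dev.receive(ctl.make_update("dev1", b"constructed-new-value"))
    after_update = dev.receive(ctl.send("dev1", b"PING"))
    stale = dev.receive(build_message(auth_value, b"PING"))  # old value refused

    return {"accepted": accepted, "tampered": rejected, "status": status,
            "forged": forged, "after_update": after_update, "stale": stale,
            "device_notifications": list(dev.notifications),
            "controller_log": list(ctl.log)}
```

Running `demo()` shows the accepted command and status message, the altered and forged messages returning `None` with one device notification and one controller log entry each, and the old authentication value being refused once the update has taken effect.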

Abstract

The invention provides an inexpensive arrangement for supplying an authentication value associated with a controlled device to a device controller that can control the device over a communication link, using a selected communication methodology that facilitates authentication and/or encryption of messages transmitted between the controlled device and the device controller. Authentication and/or encryption of messages is facilitated by the authentication value associated with the device. The arrangement comprises an authentication value storage device and an authentication value input associated with the device controller. The authentication value storage device is configured to store the authentication value separately from the device. The authentication value input is configured to receive the authentication value, which is used by the device controller in connection with communications with the device. The invention also provides a number of examples of authentication value storage devices, and corresponding authentication value inputs, including tamper-evident forms on which the authentication value is printed in the form of an alphanumeric bar code, or in other suitable forms, the authentication value input in those cases being a keypad used by a user to enter the authentication value, a bar code reader for reading the bar code, or the like.
Finally, the invention provides other examples of authentication value storage devices, such as, for example, a smart card or other cards in which the authentication value is stored in electronic, magnetic, or other form, with authentication value inputs in the form of a smart card reader, a magnetic stripe reader, or the like, for extracting the authentication value from the storage device. The authentication values may, for example, be stored in an external database and retrieved over the network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001249374A AU2001249374A1 (en) 2000-03-23 2001-03-22 System and method for inexpensively providing security and authentication over acommunications channel

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US53441800A 2000-03-23 2000-03-23
US09/534,418 2000-03-23

Publications (2)

Publication Number Publication Date
WO2001072012A2 WO2001072012A2 (fr) 2001-09-27
WO2001072012A3 WO2001072012A3 (fr) 2002-04-18

Family

ID=24129937

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/009296 WO2001072012A2 (fr) 2000-03-23 2001-03-22 Systeme et procede de securite et d'authentification sur un canal de communications

Country Status (2)

Country Link
AU (1) AU2001249374A1 (fr)
WO (1) WO2001072012A2 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4728949A (en) * 1983-03-23 1988-03-01 Telefunken Fernseh Und Rundfunk Gmbh Remote control device for controlling various functions of one or more appliances
US5519878A (en) * 1992-03-18 1996-05-21 Echelon Corporation System for installing and configuring (grouping and node address assignment) household devices in an automated environment
US5909183A (en) * 1996-12-26 1999-06-01 Motorola, Inc. Interactive appliance remote controller, system and method

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1647497B (zh) * 2002-04-05 2010-12-01 Abb Research Ltd Method for remotely controlling and regulating a system
WO2003085945A1 (fr) * 2002-04-05 2003-10-16 Abb Research Ltd Method for remotely controlling and/or remotely adjusting a system
EP1351480A1 (fr) * 2002-04-05 2003-10-08 Abb Research Ltd. Method for remote control of a system
US8032749B2 (en) 2002-04-05 2011-10-04 Abb Research Ltd Method for remotely controlling and/or regulating a system
WO2004057553A2 (fr) * 2002-12-19 2004-07-08 Koninklijke Philips Electronics N.V. Remote control system and authentication method
WO2004057553A3 (fr) * 2002-12-19 2004-10-21 Koninkl Philips Electronics Nv Remote control system and authentication method
WO2006073768A1 (fr) * 2004-12-30 2006-07-13 Honeywell International, Inc. System and method for initializing secure communications with lightweight devices
US8051296B2 (en) 2004-12-30 2011-11-01 Honeywell International Inc. System and method for initializing secure communications with lightweight devices
WO2006136969A1 (fr) * 2005-06-20 2006-12-28 Koninklijke Philips Electronics N.V. System comprising a first and a second device
US9137212B2 (en) 2006-12-04 2015-09-15 Oracle America, Inc. Communication method and apparatus using changing destination and return destination ID's
US10142119B2 (en) 2006-12-04 2018-11-27 Sun Microsystems, Inc. Communication method and apparatus using changing destination and return destination ID's
EP2009524A3 (fr) * 2007-01-26 2015-09-02 Rockwell Automation Technologies, Inc. License authentication in an embedded system
WO2009004540A3 (fr) * 2007-07-04 2009-04-30 Philips Intellectual Property Network and method for initializing a trust centre link key
WO2009004540A2 (fr) * 2007-07-04 2009-01-08 Philips Intellectual Property & Standards Gmbh Network and method for initializing a trust centre link key
RU2474073C2 (ru) * 2007-07-04 2013-01-27 Koninklijke Philips Electronics N.V. Network and method for initializing a key for the security control centre link
US10678950B2 (en) 2018-01-26 2020-06-09 Rockwell Automation Technologies, Inc. Authenticated backplane access
CN111367184A (zh) * 2018-12-26 2020-07-03 BSH Home Appliances (Jiangsu) Co., Ltd. Household appliance control system, household appliance and control method

Also Published As

Publication number Publication date
AU2001249374A1 (en) 2001-10-03
WO2001072012A3 (fr) 2002-04-18

Similar Documents

Publication Publication Date Title
US11044608B2 (en) System and method for access control via mobile device
US20220076513A1 (en) Access management and reporting technology
TWI491790B (zh) Smart lock and operating method thereof
US8583910B2 (en) Method and apparatus for device detection and multi-mode security in a control network
US11451409B2 (en) Security network integrating security system and network devices
US10979389B2 (en) Premises management configuration and control
CN105981352B (zh) Controller, accessory controlled by the controller, and communication method
US11698846B2 (en) Accessory communication control
US8620268B2 (en) Secure system for programming electronically controlled locking devices by means of encrypted acoustic accreditations
US20180083831A1 (en) Forming A Security Network Including Integrated Security System Components
EP1388126B1 (fr) Remote access authorization to a smart environment
US8473619B2 (en) Security network integrated with premise security system
US10313303B2 (en) Forming a security network including integrated security system components and network devices
US8963713B2 (en) Integrated security network with security alarm signaling system
KR102537363B1 (ko) System and method for secure Internet of Things (IoT) device provisioning
US5883960A (en) Method of mobile unit registration and method of IC card registration for mobile communications system, and mobile unit, IC card, and IC card insertion type mobile unit implementing such methods
CN101375289A (zh) Safe with a controllable data transfer function
CN1937494A (zh) Electronic device control apparatus
US20050024228A1 (en) Method for matching transmitters and receiver
WO2001072012A2 (fr) Systeme et procede de securite et d'authentification sur un canal de communications
Chatzigiannakis Apps for smart buildings: A case study on building security
KR100476179B1 (ko) Access control system using fingerprint recognition
US11096111B2 (en) System and method to assist in adding new nodes to wireless RF networks
KR20150006099A (ko) Interphone control method and apparatus
KR20060032854A (ko) Home automation system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP