WO2005055523A1 - Systeme et methode pour construire un domaine faisant appel a une carte a puce contenant des informations concernant un dispositif d'element de reseau domestique - Google Patents

Systeme et methode pour construire un domaine faisant appel a une carte a puce contenant des informations concernant un dispositif d'element de reseau domestique Download PDF

Info

Publication number
WO2005055523A1
WO2005055523A1 PCT/KR2004/003111 KR2004003111W WO2005055523A1 WO 2005055523 A1 WO2005055523 A1 WO 2005055523A1 KR 2004003111 W KR2004003111 W KR 2004003111W WO 2005055523 A1 WO2005055523 A1 WO 2005055523A1
Authority
WO
WIPO (PCT)
Prior art keywords
home network
network member
home
challenge value
master
Prior art date
Application number
PCT/KR2004/003111
Other languages
English (en)
Inventor
Jae-Heung Lee
Myung-Sun Kim
Su-Hyun Nam
Yong-Jin Jang
Yang-Lim Choi
Original Assignee
Samsung Electronics Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020040010409A external-priority patent/KR101086399B1/ko
Application filed by Samsung Electronics Co., Ltd. filed Critical Samsung Electronics Co., Ltd.
Priority to EP04808248A priority Critical patent/EP1690375A1/fr
Publication of WO2005055523A1 publication Critical patent/WO2005055523A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention relates to a method of joining a controlled device to a home network, and more particularly, to a method of joining a controlled device to a home network domain by using a smart card which contains information of the controlled device.
  • the xCP cluster protocol is a technology based on broadcast encryption and adopts a method of introducing a domain concept called a cluster and allows devices included in the cluster to freely use each other's contents.
  • FIG. 1 is a block diagram of a conventional home domain with a master-slave structure.
  • FIG. 2 is a flowchart illustrating a process wherein a master device authenticates legality of a device intending to join a home domain.
  • a process of building an authenticated home domain 100 with a master-slave structure on the basis of the xCP cluster protocol is described. The process is largely divided into a cluster generation process in step S210 and a device authentication process in step S220.
  • a first device 110 which is connected to a certain home network at first, generates a binding identification (IDb) of the home network in step S212.
  • the IDb is a unic ⁇ e identifier set when the device is manufactured or set by a user.
  • a cluster identified by the IDb i.e., a domain, is generated.
  • Each of devices 120, 1 0, and 140 which intend to use contents stored in the first device 110, extracts a media key (Km) from a media key block (MKB) using a device key in step S221.
  • Km media key
  • MKB media key block
  • Each of the devices 120, 130, and 140 generates a secret key (Kp) using the extracted Km and a personal ID (IDp) in step S223.
  • the first device 110 obtains Kp' using the Km and the IDp, compares a hash value obtained using the Kp' and the hash value h received from each of the devices 120, 130, and 140 and determines whether the hash values h and h' are the same.
  • the first device 110 transmits E(IDb)Kp, in which the IDb is encrypted using the Kp, and the IDp, which is a uniqie ID of each of the devices 120, 130, and 140, to the devices 120, 130, and 140 and adds the IDp in an authentication table (auth.tab).
  • E(IDb)Kp in which the IDb is encrypted using the Kp
  • IDp which is a uniqie ID of each of the devices 120, 130, and 140
  • the authenticated home domain 100 which includes a master device 110 and slave devices 120, 130, and 140, is built. After the authenticated home domain 100 is built, the slave devices 120, 130, and 140 can receive contents from the master device 110 and use them.
  • a controlled device authenticated as a legal device by a master device joins an authenticated home domain more simply and safely by reading a smart card corresponding to the controlled device in a smart card reader.
  • FIG. 1 is a block diagram of a conventional home domain with a master-slave structure
  • FIG. 2 is a flowchart illustrating a process wherein a master device authenticates legality of a device intending to join a home domain
  • FIG. 3 is a block diagram of a home network consistent with an exemplary embodiment of the present invention.
  • FIG. 4 is a flowchart of a method of building a home domain consistent with an exemplary embodiment of the present invention
  • FIG. 5 a block diagram of a master device consistent with an exemplary embodiment of the present invention.
  • FIG. 6 is a block diagram of a guest device consistent with an exemplary embodiment of the present invention. Best Mode
  • a home domain building system comprising: a guest device, legality of which is authenticated by a master device in a home domain; and a data storage medium which stores device information of the guest device, wherein the device information, after the legality of the guest device is authenticated by the master device, is read by the master device and used for the master device to join the guest device to the home domain.
  • a home domain building system comprising: a guest device, legality of which is authenticated; a data storage medium which stores device information of the guest device; and a master device in a predetermined home domain, which, after the legality of the guest device is authenticated by the master device, reads the device information of the guest device and joins the guest device in the home domain on the basis of the read device information.
  • a home domain building method of joining a guest device in a predetermined home domain in a home network comprising a master device in the home domain and the guest device, legality of which is authenticated by the master device, the method comprising: the master device reading device information from a data storage medium storing the device information of the guest device; and the master device joining the guest device in the home domain on the basis of the read device information.
  • the master device joining the guest device in the home domain on the basis of the read device information may comprise: transmitting a challenge reqiest signal from the master device to the guest device; generating a challenge value in response to the challenge reqiest signal in the guest device and transmitting the challenge value to the master device; encrypting the challenge value using a predetermined encryption algorithm in the master device and transmitting the encrypted challenge value to the guest device; decrypting the encrypted challenge value using the predetermined encryption algorithm in the guest device; and determining whether the decrypted challenge value is the same as the generated challenge value in the guest device, and if the decrypted challenge value is the same as the generated challenge value, allowing the master device to join the guest device in the home domain.
  • a home network member device comprising: a communication unit, which, when device information of the home network member device is read by a master device in a home domain from a storage medium having the device information, exchanges predetermined information with the master device on the basis of the read device information; and a master device authentication unit, which authenticates whether the master device has a right to join the home network member device in the home domain by exchanging the predetermined information.
  • the master device authentication unit generates a challenge value in response to a challenge reqiest signal received from the master device, decrypts the challenge value encrypted in the master device using a predetermined encryption algorithm, determines whether the decrypted challenge value is the same as the generated challenge value, and if the decrypted challenge value is the same as the generated challenge value, allows the master device to join the home network member device in the home domain.
  • the device information comprises a device ID, which is used to distinguish the home network member device and referred to by the master device to determine a guest device to transmit the challenge reqiest signal, and a device key, which is used as an encryption key for encrypting the challenge value.
  • the master device authentication unit has a same decryption key as the device key, and if the predetermined encryption algorithm is an asymmetric encryption algorithm, the master device authentication unit has a secret key making a pair with the device key.
  • a master device authentication method that allows a home network member device to authenticate a master device in a home domain, the method comprising: the home network member device, when device information of the home network member device is read by a master device forming a home domain from a storage medium having the device information, exchanging predetermined information with the master device on the basis of the read device information; and the home network member device authenticating whether the master device has a right to join the home network member device in the home domain by exchanging the predetermined information.
  • a computer readable medium having recorded thereon a computer readable program for performing the master device authentication method.
  • a computer readable medium having recorded thereon a computer readable program for performing a master device authentication method that allows a home network member device to authenticate a master device in a home domain, the method comprising: the home network member device, when device information of the home network member device is read by the master device in the home domain from a storage medium having the device information, receiving a challenge reqiest signal from the master device; the home network member device generating a challenge value in response to the challenge reqiest signal and transmitting the challenge value to the master device; the home network member device receiving the challenge value encrypted using a predetermined encryption algorithm by the master device and decrypting the encrypted challenge value using the predetermined encryption algorithm; the home network member device determining whether the decrypted challenge value is the same as the generated challenge value; and the home network member device, if the decrypted challenge value is the same as the generated challenge value, allowing the master device to join the home network member device in the home domain.
  • a first home network member device which operates as a master device in a home domain in a case where a device mode of the first home network member device is set to master mode and joins a second home network member device in the home domain, comprising: a data reader, which, when the first home network member device operates as a master device, reads device information of the second home network member device from a data storage medium of the second home network member device; and a device join processing unit, which joins the second home network member device in the home domain through exchanging predetermined information with the second home network member device on the basis of the read device information.
  • the device join processing unit joins the second home network member device in the home domain in a case where legality of the first home network member device is authenticated by the second home network member device.
  • the device join processing unit joins the second home network member device in the home domain in a case where the device join processing unit transmits a challenge reqiest signal to the second home network member device on the basis of the read device information, receives a challenge value generated in response to the challenge reqiest signal by the second home network member device, encrypts the challenge value using a predetermined encryption algorithm, transmits the encrypted challenge value to the second home network member device, and receives an authentication result that the encrypted challenge value is legal from the second home network member device.
  • the device join processing unit joins the second home network member device in the home domain in a case where it is determined by the second home network member device that a challenge value that is decrypted from the encrypted challenge value using the predetermined encryption algorithm is the same as the generated challenge value.
  • a method of allowing a master device in a home domain, which is a first home network member device, to join a second home network member device in the home domain comprising: the master device, reading device information of the second home network member device from a data storage medium of the second home network member device; and the master device joining the second home network member device in the home domain through exchanging predetermined information with the second home network member device on the basis of the read device information.
  • a computer readable medium having recorded thereon a computer readable program for performing the method that allows a master device in a home domain to join another home network member device in the home domain.
  • a data storage medium which is used for a master device in a predetermined home domain to join a guest device, legality of which is authenticated, in the predetermined home domain, comprising: a device information storage unit, which stores device information of the guest device, wherein the device information stored in the data storage medium is read by the master device and the read device information is used for joining the guest device in the predetermined home domain.
  • the device information comprises a device ID, which is used to distinguish the guest device, and a device key, which is used as an encryption key for encrypting predetermined information when the guest device is joined to the predetermined home domain.
  • the data storage medium is a smart card.
  • FIG. 3 is a block diagram of a home network consistent with an exemplary embodiment of the present invention.
  • One of devices 310 through 360 configuring a home network is set as a master device 310, devices authenticated as legal devices by the master device 310 are set as guest devices 320 through 360, and devices selected by a user of the guest devices are joined as slave devices 320, 330 and 340 in a domain. At this time, the devices selected as the slave devices by the user are registered in a slave device list (not shown) of the master device 310. Meanwhile, the devices 320 through 360 have smart cards 320a through 360a corresponding to the devices 320 through 360, respectively, and the master device 310 has a card reader 310a.
  • Each of the smart cards 320a through 360a allocated to devices 320 through 360 stores device information including a serial number of a device, a device ID, which can be used to distinguish a certain device from other devices such as a universal uniqie identifier (UUID) in a case of universal plug and play (UPnP), and a device key used for data encryption.
  • the device information is used to join a guest device to a home domain by changing the device mode of the guest device to the slave mode.
  • Each of the devices 320 through 360 has a key corresponding to the device key stored in the smart card, and if a system is built by a symmetric encrypting method in which an encryption key and a decryption key are the same, each of the devices 320 through 360 has a secret key eqial to the device key stored in the corresponding smart card, and if a system is built by an asymmetric encrypting method in which an encryption key and a decryption key are different from each other, each of the devices 320 through 360 has a secret key making a pair with the device key, which is a public key, stored in the corresponding smart card.
  • the smart card which is a kind of integrated circuit (IC) chip card
  • IC integrated circuit
  • a memory card can be simply adopted, and an optical recording medium or a magnetic recording medium can also be adopted instead of the smart card. That is, if information can be written to and read from a medium, any medium can be applied to the present invention without considering a type of the medium.
  • the smart card is used in the exemplary embodiment.
  • the card reader can be used as the smart card reader 310a whether it is an insert style card or a non-insert style card.
  • the smart card reader 310a can be a non- insert style card.
  • FIG. 4 is a flowchart of a method of allowing a guest device 350 to join a domain as a slave device consistent with an exemplary embodiment of the present invention. At this time, the guest device 350 is status authenticated as a legal device through the authentication process of FIG. 2.
  • the smart card reader 310a of the master device 310 reads device information of the guest device 350 stored in the smart card 350a in step S304.
  • the device information includes a serial number of the guest device 350, a device ID such as a UUID, and a device key used for information encryption.
  • the smart card reader 310a is shown as being separated from the master device 310. However, the smart card reader 310a is included as a component of the master device 310 as a data reader 310a as shown in FIG. 5.
  • step S306 the master device 310 determines the guest device 350 from the device ID of the device information of the guest device 350 and transmits a challenge reqiest signal to the guest device 350.
  • step S308 the guest device 350 receives the challenge reqiest signal from the master device 310, generates a challenge k, which is a random number, and transmits the challenge k to the master device 310 in step S309.
  • step S310 the master device 310, which receives the challenge k from the guest device 350, generates E(k) that the challenge k is encrypted with the device key of the guest device 350 read in step S304 using a predetermined encryption algorithm and transmits the E(k) to the guest device 350 in step S311.
  • step S312 the guest device 350, which receives the E(k) from the master device 310, generates D(E(k)) that the E(k) is decrypted with a key stored in the guest device 350 using the predetermined encryption algorithm used for encrypting the challenge k in the master device 310 and determines whether the D(E(k)) is the same as the challenge k generated in step S308.
  • step S314 if the D(E(k)) and the challenge k are the same, the guest device 350 transmits an authentication success signal to the master device 310, and if the D(E(k)) and the challenge k are not the same, the guest device 350 transmits an authentication failure signal to the master device 310.
  • step S316 the master device 310, which receives the authentication result from the guest device 350, determines whether the authentication succeeded or failed. If the authentication succeeded in step S316, the master device 310 transmits a device mode change signal to the guest device 350 in step S318, and the guest device 350 changes its own device mode to the slave mode according to the device mode change signal in step S320. At this time, the master device 310 newly registers the guest device 350 in a slave device list of the master device 310.
  • the master device 310 outputs an authentication failure message through a user interface screen in step S322, and the user determines that the current master device 310 is an external master device, which is not compatible with the guest device 350.
  • FIGS. 5 and 6 internal configurations of the master device 310 and the guest device 350 are shown, respectively.
  • the data reader 310a of FIG. 3 is plugged in the master device 310 as a component of the master device 310.
  • a device join processing unit 310b transmits a challenge reqiest signal to the guest device 350 by determining the guest device 350 using the device ID of the guest device 350 read by the data reader 310a in step S306, retransmits an encrypted challenge value to the guest device 350 by encrypting a challenge k received from the guest device 350 using a predetermined encryption algorithm in step S310, and according to an authentication result of the encrypted challenge value in the guest device 350, joins the guest device 350 in a home domain in step S318, or outputs an authentication failure message in step S322.
  • a communication unit 350b of the guest device 350 performs communication with the master device 310, such as receiving the challenge reqiest signal from the master device 310 after a smart card 350a of the guest device 350 is read by the master device 310, transmitting the challenge k to the master device 310, receiving the encrypted challenge value from the master device 310, and transmitting an authentication result of the encrypted challenge value to the master device 310.
  • a master device authentication unit 350c randomly generates the challenge k in response to the challenge reqiest signal from the master device 310 in step S308, decrypts the encrypted challenge value with a decrypting key, which the master device authentication unit 350c has, and authenticates whether the decrypted challenge value is the same as the challenge k generated in step S308 in step S312.
  • the master device 310 joins the guest device 350 in the home domain or outputs the authentication failure message.
  • the device join processing function of the master device 310 and the master device authentication function of the guest device 350 described above can be written as computer programs and can be implemented in each of the devices that execute the programs using a computer readable recording medium.
  • Examples of the computer readable recording medium include magnetic storage media (e.g., ROM, floppy disks, hard disks, etc.), optical recording media (e.g., CD-ROMs, or DNDs), and storage media such as carrier waves (e.g., transmission through the Internet).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

L'invention concerne une méthode et un système de construction de domaine domestique permettant à des dispositifs de rejoindre un domaine domestique au moyen de cartes à puce. Dans la méthode de l'invention, un dispositif maître lit des informations de dispositif, à partir d'une carte à puce présentant une ID de dispositif et une clé de dispositif, en tant qu'informations de dispositif d'un dispositif invité authentifié en tant que dispositif légal, et transmet un signal de demande d'identification à un dispositif invité. Le dispositif invité génère de manière aléatoire une valeur d'identification en réaction au signal de demande d'identification. Le dispositif maître code la valeur d'identification au moyen d'une clé de dispositif de dispositif invité et transmet la valeur d'identification codée au dispositif invité. Le dispositif invité décode la valeur d'identification codée et si cette valeur est identique à la valeur d'identification générée en réaction au signal de demande d'identification, le dispositif invité permet au dispositif maître de rejoindre le dispositif indiqué dans le domaine domestique.
PCT/KR2004/003111 2003-12-01 2004-11-29 Systeme et methode pour construire un domaine faisant appel a une carte a puce contenant des informations concernant un dispositif d'element de reseau domestique WO2005055523A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP04808248A EP1690375A1 (fr) 2003-12-01 2004-11-29 Système et méthode pour construire un réseau domestique en utilisant unecarte à puce qui contient des informations sur l'appareil du membre du réseau domestique

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US52570103P 2003-12-01 2003-12-01
US60/525,701 2003-12-01
KR1020040010409A KR101086399B1 (ko) 2003-12-01 2004-02-17 홈 네트워크 구성 기기의 정보를 담고 있는 스마트 카드를이용하여 홈 도메인을 구축하는 시스템 및 방법
KR10-2004-0010409 2004-02-17

Publications (1)

Publication Number Publication Date
WO2005055523A1 true WO2005055523A1 (fr) 2005-06-16

Family

ID=36649269

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2004/003111 WO2005055523A1 (fr) 2003-12-01 2004-11-29 Systeme et methode pour construire un domaine faisant appel a une carte a puce contenant des informations concernant un dispositif d'element de reseau domestique

Country Status (2)

Country Link
EP (1) EP1690375A1 (fr)
WO (1) WO2005055523A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660099A (zh) * 2021-09-01 2021-11-16 珠海格力电器股份有限公司 一种物联设备的鉴权方法、鉴权服务器、用户设备服务器

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002168892A (ja) * 2000-11-30 2002-06-14 Sharp Corp 方向性結合器の特性測定方法及びその方法を用いた方向性結合器及びこの方向性結合器を備えたプラズマ処理装置
US20040111496A1 (en) * 2002-12-10 2004-06-10 Lg Electronics Inc. Home network system and method for adding and/or deleting home appliances
US20040158333A1 (en) * 2001-05-30 2004-08-12 Sam-Chul Ha Network control system for home appliances

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002168892A (ja) * 2000-11-30 2002-06-14 Sharp Corp 方向性結合器の特性測定方法及びその方法を用いた方向性結合器及びこの方向性結合器を備えたプラズマ処理装置
US20040158333A1 (en) * 2001-05-30 2004-08-12 Sam-Chul Ha Network control system for home appliances
US20040111496A1 (en) * 2002-12-10 2004-06-10 Lg Electronics Inc. Home network system and method for adding and/or deleting home appliances

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660099A (zh) * 2021-09-01 2021-11-16 珠海格力电器股份有限公司 一种物联设备的鉴权方法、鉴权服务器、用户设备服务器
CN113660099B (zh) * 2021-09-01 2022-10-18 珠海格力电器股份有限公司 一种物联设备的鉴权方法、鉴权服务器、用户设备服务器

Also Published As

Publication number Publication date
EP1690375A1 (fr) 2006-08-16

Similar Documents

Publication Publication Date Title
US8347076B2 (en) System and method for building home domain using smart card which contains information of home network member device
EP1521422B1 (fr) Procédé de création d'un domaine basé sur une cryptographie à clé publique
KR100718598B1 (ko) 디바이스들의 사이에서 디지털 데이터의 안전한 통신을 제공하기 위한 방법 및 장치
US6581160B1 (en) Revocation information updating method, revocation information updating apparatus and storage medium
US7296147B2 (en) Authentication system and key registration apparatus
EP1276106B1 (fr) Système de protection de contenu numérique, appareil d'enregistrement, appareil de transmission et appareil de reproduction
US20040250077A1 (en) Method of establishing home domain through device authentication using smart card, and smart card for the same
JP4477835B2 (ja) 認証システム、鍵登録装置及び方法
US20080235810A1 (en) Method of Authorizing Access to Content
US8694799B2 (en) System and method for protection of content stored in a storage device
JP2007528658A (ja) 改良されたドメインマネージャ及びドメイン装置
JP4713745B2 (ja) 認証通信装置及び認証通信システム
EP1690375A1 (fr) Système et méthode pour construire un réseau domestique en utilisant unecarte à puce qui contient des informations sur l'appareil du membre du réseau domestique
JP4564572B1 (ja) 送信装置、受信装置及びコンテンツ送受信方法
KR20070022019A (ko) 개선된 도메인 매니저 및 도메인 디바이스

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200480035522.X

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2004808248

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWP Wipo information: published in national office

Ref document number: 2004808248

Country of ref document: EP