WO2016003310A1 - Amorçage d'un dispositif à un réseau sans fil - Google Patents

Amorçage d'un dispositif à un réseau sans fil Download PDF

Info

Publication number
WO2016003310A1
WO2016003310A1 PCT/RU2014/000494 RU2014000494W WO2016003310A1 WO 2016003310 A1 WO2016003310 A1 WO 2016003310A1 RU 2014000494 W RU2014000494 W RU 2014000494W WO 2016003310 A1 WO2016003310 A1 WO 2016003310A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless network
user
code
public key
secure hash
Prior art date
Application number
PCT/RU2014/000494
Other languages
English (en)
Inventor
Yuri Gennadievich DOLGOV
Christian Andrew WARREN
Robert TOSCANO
Pavel Evgenievich PODIVILOV
Anton Sergeevich MUKHIN
Roman Yurievich SHUVAEV
Yevgeniy Alexandrovich Gutnik
Original Assignee
Google Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Google Inc. filed Critical Google Inc.
Priority to PCT/RU2014/000494 priority Critical patent/WO2016003310A1/fr
Priority to GB1621546.9A priority patent/GB2542299A/en
Publication of WO2016003310A1 publication Critical patent/WO2016003310A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • This description relates to bootstrapping or connecting devices to wireless networks.
  • the description relates to securely connecting devices (e.g., TVs, gaming consoles, computers, servers, hand-held computing devices, wearable computing devices, smartphones, smart sensors, etc.) to a wireless network.
  • devices e.g., TVs, gaming consoles, computers, servers, hand-held computing devices, wearable computing devices, smartphones, smart sensors, etc.
  • Machine-to-machine (M2M) and Internet of Things (IoT) technologies hold a promise to interconnect thousands, if not millions, of devices together for exchanging data over wired or wireless networks.
  • data transmission between the interconnected devices may not be secure (i.e., lack data trustworthiness, authenticity and privacy) unless steps are taken to ensure that the connections are secure.
  • a user may seek to connect a new device (e.g., a television set, a tablet computer or a computing wristwatch) to a wireless network (e.g., a home WiFi network) to which other devices are connected (e.g., a home computer, a smartphone, etc.).
  • a wireless network e.g., a home WiFi network
  • the user may, for example, employ a wireless protected setup (WPS) or a wireless protected access (WPA) procedure to register, authenticate and connect the new device to the wireless network.
  • WPS wireless protected setup
  • WPA wireless protected access
  • WiFi credentials e.g., network SSID, network password, etc.
  • entering WiFi credentials can be a complicated and confusing process for the user.
  • WiFi credentials on new devices e.g., a computing wristwatch
  • limited or constrained input interfaces e.g., few input buttons, small keyboards, or no display screen, etc.
  • WPS wireless network access point
  • a first device e.g., a computing device, a smart phone, etc.
  • a second device e.g., a new device
  • a second device which may be proximate to or within a coverage range of the wireless network, may seek connection to the wireless network.
  • the methods and systems may involve an exchange of public keys between the first device and the second device over an open communication channel of the wireless network. All subsequent communications between the first device and the second device over the open communication channel may be encrypted using of the pub l ic keys.
  • the methods and systems may further involve securely exchanging encrypted shared secret(s) between the first device (e.g., a computing device, a smart phone, etc.) in the wireless network and the new device over an open communication channel of the wireless network.
  • the shared secret(s) may be used in a device authentication process before wireless network connection information for a bootstrap is sent to the new device.
  • the methods and systems may confirm that both the first device and the new device are under common physical control of an authorized and authenticated user of the wireless network. By such confirmation of common physical control, the methods and systems may thwart or reduce the risk that the new device is a malicious device (e.g., a man- in-the middle attack device, a phishing device, etc.).
  • a method includes receiving, over an open
  • a third-party entity can authenticate a user of the first device, for example, by having the user log in to a user account with the third-party entity.
  • the keyword may be generated by the third-party entity.
  • the method involves displaying the keyword on both the first device and the second device and having a user of the first device physically confirm or authenticate that the keyword displayed on the second device is the same as that displayed on the first device.
  • the first device may encrypt and send wireless network connection information (e.g., wireless network credentials, registration information, etc.) over the open communication channel to the second device.
  • wireless network connection information e.g., wireless network credentials, registration information, etc.
  • An alternate or modified method may be used for bootstrap of the second device to the wireless network when the second device, for example, has an identifying device code.
  • the shared secret used in the device authentication process may be based on the device code identifying the second device.
  • the alternate method may include, after or with an exchange of p ubl i c keys by the first device and the second device over the open
  • the alternate method further involves sending the secure hash (encrypted with the public key of the first device) from the second device to the first device.
  • the alternate method additionally involves receiving, on the first device from a user of the first device, a user-entered device code for the second device, and computing a secure hash of the user-entered device code for matching with the secure hash received from the second device.
  • the alternate method Upon positive matching of the secure hash of the user-entered device code computed on the first device and the secure hash of the device code received from the second device, the alternate method involves sending, from the j first device to the second device, wireless network connection information encrypted by the public key of the second device.
  • FIG. 1 A is a schematic illustration of a system for registering
  • FIG. IB is a schematic illustration of an example generic device structure, which may be common to devices connected by the wireless network and the new device to be connected to the wireless network in the system of FIG. 1A.
  • FIG. 2 is an illustration of an example method, which can be implemented on the system of FIG. 1A, for registering, authenticating, or authorizing connection of a new device to a wireless network, in accordance with the principles of the disclosure herein.
  • FIG. 3 is an illustration of another example method which can be implemented on simplified version of the system of FIG. 1A, for registering
  • FIG. 4 is a schematic illustration of a generic computer device and a generic mobile device, which may be used with the techniques or in the systems described herein.
  • a wireless network e.g., a home WiFi network
  • the device to be connected to the wireless network may be referred to herein as a "new" device.
  • the adjective "new” as used herein to qualify the device will be understood as referring not to an age or a lack of previous use of the device, but will be understood instead as referring only to whether the device is new relative to the wireless network (i.e. the device is awaiting registration, authentication or authorization for connection to the wireless network).
  • a new device may, for example, be a computer, a computing device, or other electronic device (e.g., a tablet computer, a printer, a digital camera, a smart phone, a temperature sensor or controller, a smart meter, a television, a wearable electronic device, etc.) having a wireless communication capability for connection to the wireless network.
  • the wireless network may rely on a pre-existing infrastructure such as routers in wired networks or wireless access points (in a managed or infrastructure wireless network) to communicate or route data between devices in the wireless network.
  • the wireless network may be an ad hoc wireless network that does not rely on a pre-existing infrastructure (e.g., routers, access points, etc.) to route data between devices in the wireless network, but in which each device (node) can dynamically participate in routing data over the network by forwarding data for other devices (nodes) on the basis of, for example, instantaneous network connectivity.
  • the wireless network e.g., Open WiFi, WiFi Direct, Bluetooth, etc.
  • a process e.g., a WPS or WPA process
  • the security risks may be associated with eavesdropping or hijacking (e.g., man-in-the-middle attacks, phishing attacks, and ownership hijacking, etc.).
  • an attacker may interject an attacking device in the open channel between the new device and the wireless network and gain unauthorized access to authentication credentials by intercepting and retransmitting communications sent over the open channel during the process of registering,
  • the attacker may pretend to be a device ("phishing device") on the wireless network and attempt to trick the new device to send the authentication credentials (or other sensitive information) to the phishing device.
  • phishing device a device on the wireless network
  • the attacker may try to register the new device with the wireless network and gain use of the new device.
  • systems and methods for securely bootstrapping or connecting a new device to a wireless network over an open or unsecure channel of the wireless network may involve a third-party service provider (e.g., hosted on a server) external to the wireless network.
  • the third party service provider with which a user or installer of the new device may have a user account may generate user authentication credentials (including, for example, a unique keyword).
  • the third party service provider may use a secure communications protocol (e.g., Hypertext Transfer Protocol Secure (HTTPS)) for communications of sensitive data (e.g., the user authentication credentials) to and from a user-associated client device in the wireless network.
  • HTTPS Hypertext Transfer Protocol Secure
  • the systems and methods may further utilize the user-associated client device in the wireless network to securely exchange sensitive information (e.g., the user authentication credentials or shared secrets for use in authentication processes, wireless network credentials and registration information, etc.) with the new device.
  • sensitive information e.g., the user authentication credentials or shared secrets for use in authentication processes, wireless network credentials and registration information, etc.
  • the new device may utilize the user authentication credentials securely passed to it by the user-associated client device to authenticate with the wireless network or the user- associated client device, and use the wireless network credentials and registration information to make an authorized connection to the wireless network.
  • Securely exchanging the sensitive information between the user-associated client device and the new device over the open channel of the wireless network may involve use of a data encryption scheme to encrypt the sensitive information exchanged over the open channel of the wireless network.
  • the encryption scheme may involve public-key cryptography (also known as asymmetric cryptography). Encryption of the sensitive information may protect against disclosure of sensitive information to unauthorized parties and may frustrate use of the sensitive information by network sniffers, eavesdroppers and other malicious parties.
  • the systems and methods disclosed herein may allow the device to be authenticated and authorized for connection to the wireless network securely based on the exchange of the encrypted sensitive information between the device and the user- associated client device without requiring direct or manual input of user authentication or wireless network credentials on the device.
  • the encrypted sensitive information exchanged between the user- associated client device and the new device may include shared secrets used for authenticating the new device.
  • the systems and methods may involve displaying the shared secrets (e.g., keywords) on both the user-associated client device and the new device, and further involve physical user confirmation (on the new device or on the user- associated client device) that the shared secrets displayed on the new device and the user- associated client device are the same for authentication of the new device.
  • the shared secrets may be independently generated on both the user-associated client device and the new device as hashes of the encrypted sensitive information exchanged between the user-associated client device and the new device.
  • the independently generated shared secrets may be exchanged via further encrypted communications and may be electronically verified to be same, for example, on the user-associated client device, for authentication of the new device.
  • the systems and methods disclosed herein for securely bootstrapping or connecting a device to a wireless network may overcome the security risks associated with eavesdropping or hijacking (e.g., man-in-the-middle attacks, phishing attacks, and ownership hijacking, etc.).
  • the systems and methods require confirmation of a user's physical presence at or in proximity to both the new device (with or without a display) and the client device for authenticating or authorizing connection of the new device to the wireless network.
  • Having the same user physically present at or proximate to the new device and the client device may effectively verify the provenance of the new device and ensure that the new device is not a man-in-the-middle attacking device, a phishing device, or a hijacked device.
  • FIG. 1A is a schematic illustration of an example system 100 for registering, authenticating, or authorizing connection of a new device (e.g., device 101a, device 101b or device 101 c) to a wireless network 120, in accordance with the principles of the disclosure herein.
  • a new device e.g., device 101a, device 101b or device 101 c
  • Wireless network 120 may, for example, be an infrastructure wireless communication network (e.g., a LAN, WLAN, or home WiFi network) including, for example, wireless access points (e.g., access point 124) or routers (not shown) for data communications.
  • wireless network 120 may be an ad hoc wireless network.
  • Wireless network 120 may be linked by a wired or wireless communication link 140 to other public or private computer networks (e.g., a computer network or Internet 130).
  • Wireless network 120 may provide wireless data communication connectivity between or amongst fixed or mobile devices (e.g., devices 121) that may have been registered and authorized for connection to wireless network 120.
  • Wireless network 120 may also provide data communications connectivity between devices 121 in wireless network 120 and the other public or private computer networks (e.g., computer network or Internet 130), for example, via a wired or wireless communication link 140.
  • Devices 121 connected to wireless network 120 may include any computer, computing device, or other electronic device (e.g., a tablet computer, a printer, a digital camera, a smart phone, a temperature sensor or controller, a smart meter, a television, etc.). Further, devices 121 may include at least one user-associated client device (e.g., client device 122a, client mobile phone 122b or client personal computer 122c) that is configured for secure communications with a third-party service provider server (e.g., service provider 132), for example, via wired or wireless communications link 140.
  • Service provider 132 may, for example, be hosted on the other public or private computer networks (e.g., computer network or Internet 130) linked to wireless network 120 via wired or wireless communication link 140.
  • Service provider 132 may provide a service (e.g., a telephone service, an internet service, an e-mail service, a cloud-based computing service, a web store, a storage service, or other on-line service, etc.) to authenticated or authorized users of service provider 132.
  • a user of wireless network 120 may, for example, have a subscribed or registered user account with service provider 132 to avail of the service provided by service provider 132.
  • the user may avail of the service provided by service provider 132, for example, on the at least one user-associated client device (e.g., client device 122a, client mobile phone 122b or client personal computer 122c) that is connected to service provider 132 via wired or wireless communication link 140.
  • Service provider 132 may provide the service to the user-associated client device (e.g., device 122a, mobile phone 122b or personal computer 122c) only after authentication of user credentials (e.g., after the user logs in the user account subscribed to or registered with service provider 132).
  • service provider 132 may provide e-mail service to client personal computer 122c only after verification or authentication of user credentials (e.g., login ID and password) for the user account subscribed or registered with service provider 132.
  • Service provider 132 may use a secure communications protocol (e.g., Hypertext Transfer Protocol Secure (HTTPS)) for communication of sensitive data (e.g., user credentials) over wired or wireless communication link 140 to and from the user- associated client device (e.g., client device 122a, client mobile phone 122b or client personal computer 122c).
  • HTTPS Hypertext Transfer Protocol Secure
  • a new device e.g., device 101 a, device 101 b or device 101c requesting or seeking to be connected to a wireless network 120 may or may not have limited or constrained input capabilities (e.g., keyboard, or keypads (not shown)), and may or may not have output display capabilities (e.g., a display screen).
  • FIG. 1 A shows, for example, device 101a having a display screen 1 1a and device 101 c having a display screen l i b.
  • the new device e.g., device 101a, device 101b or device 101 c
  • the new device may, for example, broadcast an indicator of the presence of the new device and other device-related information (e.g., manufacturer, model no., device public key, etc.) over an open communication channel 150 (e.g., a radio channel) of wireless network 120.
  • System 100 may be configured so that wireless network 120 or a user-associated client device (e.g., client device 122a) can recognize or discover a proximate presence of the new device from the broadcast and initiate a process for registering, authenticating, or authorizing connection of the new device to wireless network 120.
  • service provider 132 may be configured to generate a unique user-specific keyword or other secret for the at least one user-associated client device (e.g., client device 122a) according to the user account subscribed or registered with service provider 132.
  • Service provider 132 may send the unique-specific keyword to the at least one user-associated client device (e.g., client device 122a).
  • the user-associated client device e.g., client device 122a
  • the user-associated client device may share knowledge of the unique user-specific keyword or other secret generated by service provider 132 with the user, for example, on a display screen (not shown) of client device 122a.
  • System 100 may be configured to utilize the user's knowledge of the unique user-specific keyword or other secret generated by service provider 132 as a basis for registering, authenticating, or authorizing connection of the new device to wireless network 120.
  • keywords or other secrets that may be used for authenticating the new device may be generated by the new device and/or the user-associated client device (e.g., device 122a, mobile phone 122b or personal computer 122c)) without involvement of service provider 132.
  • the new device may or may not have any display capability.
  • FIG. IB shows an example generic device structure 170, which may be common to devices 121 (e.g., client device 122a, client mobile phone 122b or client personal computer 122c) connected by wireless network 120 and the new device (e.g., device 101a, device 101 b or device 101c) to be connected to wireless network 120 in system 100.
  • Generic device structure 170 may, for example, include or be coupled to example, a transceiver circuit 172 for receiving and transmitting wireless signals.
  • Generic device structure 170 may further include digital signal processing circuitry 174, and a persistence or memory 178.
  • Digital signal processing circuitry 174 may include or be coupled to a processor 178 (e.g., an embedded processor, a general purpose processor, or a central processor, etc.), which may be configured to execute instructions stored in the memory 176 and/or manage data stored in memory 176.
  • a particular device (of devices 121 and the new device) in system 100 may include less or additional circuitry (e.g., I/O circuitry, sensor circuitry, hardware accelerators, etc.) (not shown) for functions and features specific to or characteristic of the particular device.
  • System 100 may be configured to utilize a data encryption scheme (e.g., public-key cryptography) for securing communications between system components (e.g., between the new device, the client device and the service provider, or between the new device and the client device) involved in the authentication processes that may be implemented on system 100 for registering, authenticating, or authorizing connection of the new device to wireless network 120.
  • a data encryption scheme e.g., public-key cryptography
  • system components e.g., between the new device, the client device and the service provider, or between the new device and the client device
  • Each of the system components e.g., devices
  • Each of the system components may, for example, be associated with a unique public key- private key pair for encrypting, decrypting or digitally signing the inter-component communications.
  • Communications, messages, or data sent to a receiving system component may be encrypted by a sending system component (e.g., client device 122a) using the public key of the receiving system component so that the receiving system component can decrypt the communications, messages, or data using a private key of the receiving system component.
  • the sending component may digitally sign the communications, messages, or data (using the private key of the sending component) send to the receiving component.
  • FIG. 2 schematically shows an example method 200 for registering, authenticating, or authorizing connection of a new device (e.g., device 101a, 101b or 101c) to a wireless network 120, in accordance with the principles of the disclosure herein.
  • Method 200 may be implemented, for example, in the example system 100 shown in FIG. 1.
  • the new device e.g., device 101 a
  • the at least one user-associated client device e.g., client device 122a, client mobile phone 122b or client personal computer 122c
  • the at least one user-associated client device e.g., client device 122a, client mobile phone 122b or client personal computer 122c
  • service provider 132 i.e. logged in the user account
  • Method 200 may involve initial communications between the new device (e.g., device 101a) and the at least one user-associated client device (e.g., client device 122a) over open communication channel 150 of wireless network 120 and between client device 122a and service provider 132 over communication link 140.
  • Method 200 to register, authenticate and authorize connection of new device 101 a to wireless network 120 may begin when new device 101a broadcasts it presence proximate to wireless network 120 over open communication channel 150.
  • client device 122a may detect or discover new device 101a over open communication channel 150, and request and get device 101a to broadcast device-related information including at least a public key (i.e. "device public key” (DPK)) of device 101a (210).
  • DPK device public key
  • the broadcasted device-related information may also include other device details (e.g., technical details such as manufacturer, model no., device type, etc.).
  • Client device 122a which may be on-line with service provider 132, may then transmit the public key (DP ) of device 101a and its own public key (i.e. "client device public key" (CPK)), to service provider 132 over communication link 140 (using, for example, HTTPS or other secure communications protocols).
  • service provider 132 may generate a unique keyword (230) and send a package including the DPK, CPK, and the unique keyword to client device 122a over communication link 140 (using, for example, HTTPS or other secure communications protocols).
  • the package may be digitally signed with a private key of service provider 132.
  • client device 122a may encrypt the package received from service provider 132 using the public key (DPK) of the device 101a and send the encrypted package including the unique keyword to device 101a (250).
  • Client device 122a may also display the unique keyword on client device 122a (e.g. on a display screen (not shown)) to a user of client device 122a.
  • DPK public key
  • Device 101 a may decrypt the DPK-encrypted package received from client device 122a using a private key of device 101a, verify that the DPK in the package is the public key (e.g., a current public key) of device 101 a, and may also display the unique keyword in the package on display screen 11 a of devicel O la so that the user can inspect and confirm that the unique keyword displayed on device 101 a is the same as that displayed on client device 122a (260). The user may submit a confirmation that the unique keyword displayed on device 101a is the same as that displayed on client device 122a, for example, by the user activating a designated button on devicelOla.
  • a private key of device 101a verify that the DPK in the package is the public key (e.g., a current public key) of device 101 a, and may also display the unique keyword in the package on display screen 11 a of devicel O la so that the user can inspect and confirm that the unique keyword displayed on device 101 a is the same as that displayed on client device 122
  • client device 122a may send a query to device 101 a seeking results of the user-confirmation (e.g., did the user press the designated button?) on devicel Ol a that the keyword displayed on device 101a is the same as displayed on client device 122a (270).
  • device 101 a may send to client device 122a the results (e.g., OK, Cancel, or Timeout) of the user-confirmation on device 101 a that the keyword displayed on device 101a is the same as displayed on client device 122a (280).
  • client device 122a may send wireless network credentials and registration information
  • Device 101a may acknowledge receipt (encrypted by CPK) of the wireless network credentials and registration information from client device 122a (295), and use the wireless network credentials and registration information to securely connect to wireless network 120.
  • method 200 can ensure that the user of client device 122a is aware of device 101 a seeking connection to wireless network 120 and that device 101 a is not a malicious device (e.g., a man-in- the-middle attacking device, a phishing device, or a hijacked device). Therefore, method 200 may allow new device 101 a to be securely connected or linked to wireless network 120 over open channel 140.
  • a malicious device e.g., a man-in- the-middle attacking device, a phishing device, or a hijacked device. Therefore, method 200 may allow new device 101 a to be securely connected or linked to wireless network 120 over open channel 140.
  • FIG. 3 schematically shows another example method 300 for registering, authenticating, or authorizing connection of a new device (e.g., device 101 a, 101b and 101 c) to wireless network 120, in accordance with the principles of the disclosure herein.
  • method 300 may be implemented, for example, in system 100 shown in FIG. 1.
  • method 300 may not require that the one user-associated client device (e.g., client device 122a, client mobile phone 122b or client personal computer 122c) in system 100 should be on-line with service provider 132 or log in the user account with service provider 132 during method 300.
  • method 300 can be implemented (as shown for example in FIG. 3) in a simpler version of system 100, which, for example, may not include service provider 132 or which may not include
  • communication link 140 from wireless network 120 to computer network or Internet 30.
  • Method 300 may be utilized for registering, authenticating, or authorizing connection of the new device (e.g., device 101 a) to wireless network 120 in an instance where, for example, the new device (e.g., device 101a) has display capability (e.g., display screen 1 l a), and also in an instance where the new device (e.g., device 101 b) has no or a limited data display capability (e.g., does not have a display screen).
  • the new device may have a unique device identifier or code (e.g., an alphanumeric string), which may be hard wired and stored in device memory and also may be published in device-related materials provided, for example, by the device manufacturer or vendor.
  • the device-related materials may, for example, include printed materials, a device manual, device packaging boxes or inserts, device enclosure labels, markings, or tags, etc.
  • the unique device identifier or code stored in device memory may be referred to herein as the "stored device code” and the same unique device identifier or code published in the device-related materials provided, for example, by the device manufacturer or vendor, may be referred to herein as the "published device code”.
  • the unique device identifier or code, whether stored in memory or published may also be referred to commonly herein as the "device code"
  • method 300 may involve communications between the new device (e.g., device 101a) and the at least one user-associated client device (e.g., client device 122a) over open communication channel 150 of wireless network 120 Further, like method 200, method 300 to register, authenticate and authorize connection of new device 101 a to wireless network 120 may begin when new device 101a broadcasts its presence proximate to wireless network 120 over open communication channel 150 and its presence is discovered by client device 122a. Client device 122a may request and get device 101a to broadcast device-related information including at least a public key (DPK) of device 101 a (310).
  • DPK public key
  • the broadcasted information may also include other device-related information (e.g., manufacturer, model number, device type, etc.) but may not include the unique device code associated with device 101a.
  • client device 122a may send its public key (i.e., client device public key (CPK)) encrypted by DPK to device 101a (320).
  • CPK client device public key
  • device 101a may automatically compute a secure hash of its unique device code (“device code”) stored in device memory for use as a shared secret or keyword in authentication processes (330).
  • Device 101a may use a secure hash algorithm (e.g., SHA0, SHA1 , SHA2 or SHA3) for computing the secure hash of the device code.
  • the computed secure hash may be digitally signed by device 101a using its private key.
  • Device 101 a may send the computed secure hash in a message further encrypted by CPK to client device 122a for use in the authentication processes (340).
  • client device 122a may request the user of client device 122a to enter on client device 122a the "published" device code of device 101 a and to confirm the user's physical presence at device 101a, for example, by activating a designated button on device 101a (350).
  • the published device code of device 101a may be available to the user client device 122a in device-related materials (e.g., printed materials, a device manual, device packaging boxes or inserts, device enclosure labels, tags or markings, or in serial or identification number markings) that may be provided, for example, by a manufacturer or vendor of device 101a.
  • device 101a may send a confirmation of the user's physical presence at device 101a to client device 122a (360).
  • client device 122a may compute a secure hash of the device code entered by the user on client device 122a.
  • Client device 122a may compare or match the secure hash computed by client device 122a and the secure hash received from device 101a (380).
  • client device 122a may send wireless network credentials and registration information (encrypted by DPK) to device 101a (390).
  • the positive matching of the secure hashes of the device code and the user-entered device code sufficient to trigger the sending of wireless network credentials and registration information by client device 122a to device 101 a at 390 may include only a positive matching result from the comparison and matching of the secure hashes by client device 122a at 380 (FIG. 3).
  • client device 122a may send wireless network credentials and registration information to device 101a at 390 (FIG. 3) only after an additional or alternate positive matching by device 101a of the device code entered on client device 122a by the user.
  • Device 101a may also compute another secure hash of the device code stored in its memory using the same secure hash algorithms and encryption keys as the another secure hash computation in 382 (FIG.
  • Device 101 a may compare and match the another secure hash computed by device 101a and the another secure hash received from client device 122a, and send the matching results (i.e. yes match or no match) encrypted by CPK to client device 122a (386).
  • client device 122a may use receipt of a positive matching result from device lOlat 386 (FIG. 3) (in addition to or as an alternate to a positive matching result by client 122a in 380 (FIG. 3)) as a basis in 390 (FIG. 3) for sending wireless network credentials (e.g., network set secure identification (SSID) and network password) and registration information to device 101a.
  • wireless network credentials e.g., network set secure identification (SSID) and network password
  • device 101a may acknowledge receipt of the wireless network credentials and registration information (encrypted by CPK) (395), and use the wireless network credentials and registration information to securely connect to wireless network 120.
  • shared secret information e.g., secure hashes of the device code
  • the example versions of method 300 are described using an example new device (e.g., device 101a) in which the device code is hardwired or stored in device memory and is also published in device materials that may be provided, for example, by a manufacturer or vendor of device 101 a.
  • method 300 is not limited to new devices associated with such device codes (i.e. stored and published device codes).
  • Method 300 can be used for registering, authenticating or authorizing connection of new devices that are associated with other types of unique device codes.
  • a new device e.g., device 101 c
  • device 100c may be configured to generate (e.g., on demand) a new unique device code ("new registration code") and display the new registration code on its display screen 1 1a.
  • client device 122a may, for example, while or in addition to requesting that newly discovered device 101c broadcast device-related information at 310 (FIG.
  • client device 122a at 350 may request that the user of client device 122a to use the new registration code displayed on display screen 1 la of device 101 c as the device code to be entered on client device 122a.
  • Method 300 may use the new registration code as the device code for registering, authenticating or authorizing connection of device 101 c to wireless network 120 in the same or similar manner as the use of the stored and published device code of a new device (e.g., device 101a) described in the foregoing, for example, with reference to FIG. 3.
  • a new device e.g., device 101c having a display screen (e.g., display screen 1 1 )
  • security in registering or connecting the new device to wireless networks may be improved by generating a new registration code for every registration session.
  • a new registration code generated each time there may be a reduced risk of losing or compromising the device code as may be the case with device codes that are published on device-related materials provided by the manufacturer or vendor of the new device.
  • user experience may be enhanced as the user may not have to hold on to or find the device-related materials for each time the user may want to register or connect the new device to a wireless network in the future.
  • method 300 may effectively verify the provenance of the new device and ensure that the new device is not a phishing device, or a hijacked device. Therefore, method 300 may allow new device 101c to be securely connected to wireless network 120.
  • a computer system e.g., system 100
  • the instructions when executed by one or more microprocessors (e.g., semiconductor-based hardware processors) may cause the computer system to implement method 200 or method 300 as described above with reference to FIG. 2 and FIG. 3, respectively.
  • FIG. 4 shows an example of a generic computer device 400 and a generic mobile device 450, which may be used with the techniques and the systems described herein.
  • Computing device 400 as shown is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers.
  • Computing device 450 is intended to represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart phones, and other similar computing devices.
  • the components shown here, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed in this document.
  • Computing device 400 includes a processor 402, memory 404, a storage device 406, a high-speed interface 408 connecting to memory 404 and high-speed expansion ports 410, and a low speed interface 412 connecting to low speed bus 414 and storage device 406.
  • Each of the components 402, 404, 406, 408, 410, and 412, are interconnected using various busses, and may be mounted on a common motherboard or in other manners as appropriate.
  • the processor 402 can process instructions for execution within the computing device 400, including instructions stored in the memory 404 or on the storage device 406 to display graphical information for a GUI on an external input/output device, such as display 416 coupled to high speed interface 408.
  • multiple processors and/or multiple buses may be used, as appropriate, along with multiple memories and types of memory.
  • multiple computing devices 400 may be connected, with each device providing portions of the necessary operations (e.g., as a server bank, a group of blade servers, or a multi-processor system).
  • the memory 404 stores information within the computing device 400.
  • the memory 404 is a volatile memory unit or units.
  • the memory 404 is a non-volatile memory unit or units.
  • the memory 404 may also be another form of computer-readable medium, such as a magnetic or optical disk.
  • the storage device 406 is capable of providing mass storage for the computing device 400.
  • the storage device 406 may be or contain a computer-readable medium, such as a floppy disk device, a hard disk device, an optical disk device, or a tape device, a flash memory or other similar solid state memory device, or an array of devices, including devices in a storage area network or other
  • a computer program product can be tangibly embodied in an information carrier.
  • the computer program product may also contain instructions that, when executed, perform one or more methods, such as those described above.
  • the information carrier is a computer- or machine-readable medium, such as the memory 404, the storage device 406, or memory on processor 402.
  • the high speed controller 408 manages bandwidth-intensive operations for the computing device 400, while the low speed controller 412 manages lower bandwidth- intensive operations.
  • Such allocation of functions is exemplary only. In one
  • the high-speed controller 408 is coupled to memory 404, display 416 (e.g., through a graphics processor or accelerator), and to high-speed expansion ports 410, which may accept various expansion cards (not shown).
  • low- speed controller 412 is coupled to storage device 406 and low-speed expansion port 414.
  • the low-speed expansion port which may include various communication ports (e.g., USB, Bluetooth, Ethernet, wireless Ethernet) may be coupled to one or more input/output devices, such as a keyboard, a pointing device, a scanner, or a networking device such as a switch or router, e.g., through a network adapter.
  • the computing device 400 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a standard server 420, or multiple times in a group of such servers. It may also be implemented as part of a rack server system 424. In addition, it may be implemented in a personal computer such as a laptop computer 422. Alternatively, components from computing device 400 may be combined with other components in a mobile device (not shown), such as device 450. Each of such devices may contain one or more of computing device 400, 450, and an entire system may be made up of multiple computing devices 400, 450 communicating with each other.
  • Computing device 450 includes a processor 452, memory 464, and an input/output device such as a display 454, a communication interface 466, and a transceiver 468, among other components.
  • the device 450 may also be provided with a storage device, such as a microdrive or other device, to provide additional storage.
  • a storage device such as a microdrive or other device, to provide additional storage.
  • Each of the components 450, 452, 454, 466, and 468 are interconnected using various buses, and several of the components may be mounted on a common motherboard or in other manners as appropriate.
  • the processor 452 can execute instructions within the computing device 450, including instructions stored in the memory 464.
  • the processor may be implemented as a chipset of chips that include separate and multiple analog and digital processors.
  • the processor may provide, for example, for coordination of the other components of the device 450, such as control of user interfaces, applications run by device 450, and wireless communication by device 450.
  • Processor 452 may communicate with a user through control interface 458 and display interface 456 coupled to a display 454.
  • the display 454 may be, for example, a TFT LCD (Thin-Film-Transistor Liquid Crystal Display) or an OLED (Organic Light Emitting Diode) display, or other appropriate display technology.
  • the display interface 456 may comprise appropriate circuitry for driving the display 454 to present graphical and other information to a user.
  • the control interface 458 may receive commands from a user and convert them for submission to the processor 452.
  • an external interface 462 may be provided in communication with processor 452, so as to enable near area communication of device 450 with other devices.
  • External interface 462 may provide, for example, for wired communication in some implementations, or for wireless communication in other implementations, and multiple interfaces may also be used.
  • the memory 464 stores information within the computing device 450.
  • the memory 464 can be implemented as one or more of a computer-readable medium or media, a volatile memory unit or units, or a non-volatile memory unit or units.
  • Expansion memory 474 may also be provided and connected to device 450 through expansion interface 472, which may include, for example, a SIMM (Single In Line Memory Module) card interface. Such expansion memory 474 may provide extra storage space for device 450, or may also store applications or other information for device 450.
  • SIMM Single In Line Memory Module
  • expansion memory 474 may include instructions to carry out or supplement the processes described above, and may include secure information also.
  • expansion memory 474 may be provided as a security module for device 450, and may be programmed with instructions that permit secure use of device 450.
  • secure applications may be provided via the SIMM cards, along with additional information, such as placing identifying information on the SIMM card in a non-hackable manner.
  • the memory may include, for example, flash memory and/or NVRAM memory, as discussed below.
  • a computer program product is tangibly embodied in an information carrier.
  • the computer program product contains instructions that, when executed, perform one or more methods, such as those described above.
  • the information carrier is a computer- or machine-readable medium, such as the memory 464, expansion memory 474, or memory on processor 452 that may be received, for example, over transceiver 468 or external interface 462.
  • Device 450 may communicate wirelessly through communication interface 466, which may include digital signal processing circuitry where necessary. Communication interface 466 may provide for communications under various modes or protocols, such as GSM voice calls, SMS, EMS, or MMS messaging, CDMA, TDMA, PDC, WCDMA, CDMA2000, or GPRS, among others. Such communication may occur, for example, through radio-frequency transceiver 468. In addition, short-range communication may occur, such as using a Bluetooth, Wi-Fi, or other such transceiver (not shown). In addition, GPS (Global Positioning System) receiver module 470 may provide additional navigation- and location-related wireless data to device 450, which may be used as appropriate by applications running on device 450.
  • GPS Global Positioning System
  • Device 450 may also communicate audibly using audio codec 460, which may receive spoken information from a user and convert it to usable digital information. Audio codec 460 may likewise generate audible sound for a user, such as through a speaker, e.g., in a handset of device 450. Such sound may include sound from voice telephone calls, may include recorded sound (e.g., voice messages, music files, etc.) and may also include sound generated by applications operating on device 450.
  • Audio codec 460 may receive spoken information from a user and convert it to usable digital information. Audio codec 460 may likewise generate audible sound for a user, such as through a speaker, e.g., in a handset of device 450. Such sound may include sound from voice telephone calls, may include recorded sound (e.g., voice messages, music files, etc.) and may also include sound generated by applications operating on device 450.
  • the computing device 450 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a cellular telephone 480. It may also be implemented as part of a smart phone 482, personal digital assistant, or other similar mobile device.
  • Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof.
  • ASICs application specific integrated circuits
  • These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
  • machine-readable signal refers to any signal used to provide machine instructions and/or data to a programmable processor.
  • the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer.
  • a display device e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor
  • a keyboard and a pointing device e.g., a mouse or a trackball
  • Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
  • the systems and techniques described here can be implemented in a computing system that includes a back end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back end, middleware, or front end components.
  • the components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN”), a wide area network (“WAN”), and the Internet.
  • LAN local area network
  • WAN wide area network
  • the Internet the global information network
  • the computing system can include clients and servers.
  • a client and server are generally remote from each other and typically interact through a communication network.
  • the relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé qui consiste à recevoir sur un canal de communication ouvert d'un réseau sans fil, au moyen d'un premier dispositif dans le réseau sans fil, une clé publique d'un second dispositif à proximité du réseau sans fil et à envoyer un mot-clé chiffré avec le DPK du premier dispositif au second dispositif. Le procédé consiste en outre à afficher le mot-clé aussi bien sur le premier dispositif que sur le second dispositif. Après la confirmation par un utilisateur du premier dispositif que le mot-clé affiché sur le second dispositif et le mot-clé affiché sur le premier dispositif sont identiques, le procédé consiste à envoyer, du premier dispositif au second dispositif, des informations de connexion au réseau sans fil chiffrées portant sur la connexion automatique du second dispositif au réseau sans fil.
PCT/RU2014/000494 2014-07-04 2014-07-04 Amorçage d'un dispositif à un réseau sans fil WO2016003310A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/RU2014/000494 WO2016003310A1 (fr) 2014-07-04 2014-07-04 Amorçage d'un dispositif à un réseau sans fil
GB1621546.9A GB2542299A (en) 2014-07-04 2014-07-04 Bootstrapping a device to a wireless network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/RU2014/000494 WO2016003310A1 (fr) 2014-07-04 2014-07-04 Amorçage d'un dispositif à un réseau sans fil

Publications (1)

Publication Number Publication Date
WO2016003310A1 true WO2016003310A1 (fr) 2016-01-07

Family

ID=52595398

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/RU2014/000494 WO2016003310A1 (fr) 2014-07-04 2014-07-04 Amorçage d'un dispositif à un réseau sans fil

Country Status (2)

Country Link
GB (1) GB2542299A (fr)
WO (1) WO2016003310A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3565211A1 (fr) * 2018-05-03 2019-11-06 Nokia Technologies Oy Procédé, élément de réseau, système et support lisible par ordinateur pour l'embarquement d'un dispositif
US11317286B2 (en) 2018-03-21 2022-04-26 At&T Intellectual Property I, L.P. Network authentication via encrypted network access packages
WO2024120671A1 (fr) * 2022-12-07 2024-06-13 Electrolux Appliances Aktiebolag Intégration d'un appareil électroménager à un réseau à l'aide d'un appareil électroménager connecté au réseau

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090228707A1 (en) * 2008-03-06 2009-09-10 Qualcomm Incorporated Image-based man-in-the-middle protection in numeric comparison association models
US20120054493A1 (en) * 2010-08-30 2012-03-01 Apple Inc. Secure wireless link between two devices using probes

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090228707A1 (en) * 2008-03-06 2009-09-10 Qualcomm Incorporated Image-based man-in-the-middle protection in numeric comparison association models
US20120054493A1 (en) * 2010-08-30 2012-03-01 Apple Inc. Secure wireless link between two devices using probes

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WI-FI ALLIANCE: "Wi-Fi CERTIFIED for Wi-Fi Protected Setup: Easing the User Experience for Home and Small Office Wi-Fi Networks", INTERNET CITATION, 2007, pages 1 - 14, XP002567243, Retrieved from the Internet <URL:http://www.wi-fi.org/wp/wifi-protected-setup> [retrieved on 20100201] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11317286B2 (en) 2018-03-21 2022-04-26 At&T Intellectual Property I, L.P. Network authentication via encrypted network access packages
US11647389B2 (en) 2018-03-21 2023-05-09 At&T Intellectual Property I, L.P. Network authentication via encrypted network access packages
EP3565211A1 (fr) * 2018-05-03 2019-11-06 Nokia Technologies Oy Procédé, élément de réseau, système et support lisible par ordinateur pour l'embarquement d'un dispositif
WO2024120671A1 (fr) * 2022-12-07 2024-06-13 Electrolux Appliances Aktiebolag Intégration d'un appareil électroménager à un réseau à l'aide d'un appareil électroménager connecté au réseau

Also Published As

Publication number Publication date
GB2542299A (en) 2017-03-15
GB201621546D0 (en) 2017-02-01

Similar Documents

Publication Publication Date Title
US11265319B2 (en) Method and system for associating a unique device identifier with a potential security threat
EP3605989B1 (fr) Procédé d&#39;envoi d&#39;informations, procédé de réception d&#39;informations, appareil et système
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
US10218501B2 (en) Method, device, and system for establishing secure connection
US10742626B2 (en) Method for key rotation
EP2950506B1 (fr) Procede permettant d&#39;etablir un canal de communication securise
JP5474969B2 (ja) 携帯機器の関連付け
KR101490214B1 (ko) 공유된 일시적 키 데이터의 세트를 갖는 교환들을 인코딩하기 위한 시스템들 및 방법들
JP5431479B2 (ja) 機器とステーションの関連付けのためのプロトコル
AU2011309758B2 (en) Mobile handset identification and communication authentication
EP3308519B1 (fr) Système, appareil et procédé de transfert de propriété d&#39;un dispositif du fabricant à l&#39;utilisateur à l&#39;aide d&#39;une ressource intégrée
CN110611905A (zh) 信息共享方法、终端设备、存储介质及计算机程序产品
US9344455B2 (en) Apparatus and method for sharing a hardware security module interface in a collaborative network
US11736304B2 (en) Secure authentication of remote equipment
US20070101136A1 (en) Secure login method for establishing a wireless local area network connection, and wireless local area network system
WO2016003311A1 (fr) Démarrage de dispositif vers réseau sans fil
JP2016533694A (ja) ユーザアイデンティティ認証方法、端末及びサーバ
EP3794852B1 (fr) Procédés et systèmes sécurisés permettant d&#39;identifier des dispositifs connectés bluetooth avec application installée
WO2016003310A1 (fr) Amorçage d&#39;un dispositif à un réseau sans fil
KR101172876B1 (ko) 사용자 단말기와 서버 간의 상호 인증 방법 및 시스템
WO2015124798A2 (fr) Procédé et système autorisant une opération validée par authentification pour un dispositif de traitement de données
WO2016176902A1 (fr) Procédé d&#39;authentification de terminal, terminal de gestion et terminal d&#39;application
TWI514189B (zh) 網路認證系統及其方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14841343

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 201621546

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20140704

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14841343

Country of ref document: EP

Kind code of ref document: A1