초록 ▼

An Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with e

An Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two ESSPP devices that are attempting to register with each other will only provision a key when they detect that they are the only two ESSPP devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended.

대표청구항 ▼

We claim: 1. A method for registering two network devices with each other, comprising the steps of: launching a registration process at said two network devices with a pair of registration triggers supported on said two network devices within a predetermined time interval of one another; transmitti

We claim: 1. A method for registering two network devices with each other, comprising the steps of: launching a registration process at said two network devices with a pair of registration triggers supported on said two network devices within a predetermined time interval of one another; transmitting registration information between said two network devices; generating a secret at at least one of said two network devices, thereby providing an authenticated communications capability between said two network devices; communicating an acknowledgement between said two network devices assuring that the secret is shared between said two network devices; monitoring said registration process for registration communications emitting from a third device; completing said registration process if no said registration communications emitting from a third device is detected; and not completing said registration process if any registration communications from a third device are detected. 2. The method of claim 1, further including a step of generating a pseudonym designating at least one of said two network devices. 3. The method of claim 1, wherein said registration information does not include a plain-text identity of at least one of said two network devices, thereby making said registration process at least partially hidden. 4. The method of claim 1, wherein registration information includes PIN number information. 5. A system capable of securely registering a device, comprising: a server supporting a first part of a registration process; a network device supporting a second part of a registration process; a communications link coupling said server to said network device; a pair of registration triggers, said server and said network device each supporting one of said pair of registration triggers, wherein activation of said pair of registration triggers within a predetermined time interval launches said first and second parts of the registration processes, which then communicate with each other through said communications link; a set of registration data exchanged between said server and said network device over said communications link after the launching of said first and second parts of the registration process; a cryptographic secret formed at at least one of said server and said network device and shared between said server and said network device, thereby facilitating authentic communications between said server and said network device; a database that stores said registration data and said cryptographic secret; and a monitoring system that detects a registration signal that might emanate from a third device, whereby detection of any said registration signal from said third device prevents registration of said network device as part of said registration process. 6. The system of claim 5, wherein registration of said network device includes the use of a PIN number. 7. The system of claim 5, further including a step of generating a pseudonym for at least one of said server and said network device. 8. The system of claim 5, wherein said registration data for at least one of said server and said network device does not include a plain-text device identifier, thereby making said registration process at least partially hidden. 9. The method of claim 1, wherein the launching of a registration process at said two network devices with a pair of registration triggers supported on said two network devices within a predetermined time interval of one another comprises launching of a registration process on a Wi-Fi network device. 10. The method of claim 1, wherein the launching of a registration process at said two network devices with a pair of registration triggers supported on said two network devices within a predetermined time interval of one another comprises launching of a registration process on a network device that is at least one of a server, wireless printer, wireless computer, or a network access point. 11. The method of claim 1, wherein the generating of a secret at at least one of said two network devices is performed without pre-registration knowledge of information associated with the other network device. 12. The system of claim 5, wherein the network device is a Wi-Fi network device. 13. The system of claim 5, wherein the network device is at least one of a wireless printer, wireless computer, or a network access point. 14. The system of claim 5, wherein the cryptographic secret formed at at least one of said server and said network device and shared between said server and said network device is formed without pre-registration knowledge of information associated with the other network device.