Secure and efficient domain key distribution for device registration
IPC classification information
Country / type: United States (US) patent, registered
International Patent Classification (IPC, 7th edition): H04L-009/32; G06F-021/00; G06F-015/16; G06F-007/04; H04K-001/00
Application number: US-0344997 (2008-12-29)
Registration number: US-8504836 (2013-08-06)
Inventors / address: Zhang, Jiang; Medvinsky, Alexander
Applicant / address: Motorola Mobility LLC
Citation information
Cited by: 3
Patents cited: 18
Abstract
A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device.
Representative claims
1. A method of transferring a domain key between a first device and a second device in a network, the method comprising: verifying the second device is an authorized device through certificates, wherein the second device verifies the first device is an authorized device through the certificates; receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted; determining a second random number at the first device; sending the second random number from the first device to the second device; generating a Personal Identification Number (PIN) at the first device; in response to generating the PIN, outputting instructions, by the first device, that instruct a user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying; generating a session key from the first random number, the second random number, and the PIN; and sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device.

2. The method of claim 1, further comprising: allowing one of the first device or the second device to join a domain of the second device or the first device, respectively, and if the second device generates a same session key as the first device, the second device is operable to use the session key to encrypt and decrypt the domain key from the first device.

3. The method of claim 1, wherein the second device uses a manually-entered PIN to verify the first device or the second device is an authorized device, wherein the first device or the second device is introduced to the network.

4. The method of claim 1, wherein verifying the second device and the first device are authorized devices comprises: exchanging certificates between the first and second device to verify the second device and the first device are authorized devices.

5. The method of claim 1, wherein the first random number received from the second device is encrypted using a public key of the first device, and the method further comprises: decrypting the first random number for use in session key generation.

6. The method of claim 1, wherein sending the second random number from the first device to the second device further comprises: encrypting the second random number using a public key of the first device; and sending the encrypted second random number to the second device, wherein the second device decrypts the second random number using a private key of the second device to generate the session key.

7. The method of claim 1, wherein the PIN is a random value.

8. The method of claim 1, wherein the PIN is a previously assigned non-random value.

9. The method of claim 7, wherein determining the PIN further comprises: determining the PIN from random data received from the second device.

10. The method of claim 1, wherein the PIN is manually entered in the second device, and the manually-entered PIN is used by the second device to generate the session key.

11. The method of claim 1, wherein the first device and the second device comprise a sink device and a source device or two source devices in a Wireless Home Digital Interface (WHDI) network.

12. The method of claim 1, wherein the first device and the second device comprise two source devices in a Wireless Home Digital Interface (WHDI) network.

13. A non-transitory computer readable storage medium storing at least one computer program that when executed performs a method of transferring a domain key during a device registration between a first device and a second device in a network, the method comprising: verifying the second device is an authorized device through an exchange of certificates, wherein the second device verifies the first device is an authorized device through the exchange of certificates; receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted; determining a second random number at the first device; sending the second random number from the first device to the second device; generating a Personal Identification Number (PIN) at the first device; in response to generating the PIN, outputting instructions, by the first device, that instruct a user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying; generating a session key from the first random number, the second random number, and the PIN; and sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device.

14. The non-transitory computer readable storage medium of claim 13, the method further comprises: allowing one of the first device or the second device to join a domain of the second device or the first device, respectively, and if the second device generates a same session key as the first device, the second device is operable to use the session key to encrypt and decrypt the domain key from the first device.

15. The non-transitory computer readable storage medium of claim 13, wherein the second device uses a manually-entered PIN in the second device to verify the first device or the second device is an authorized device, wherein the first device or the second device is introduced to the network.

16. The non-transitory computer readable storage medium of claim 13, wherein the method of verifying the second device and the first device are authorized devices further comprises: exchanging certificates between the first and second device to verify the second device and the first device are authorized devices.

17. The non-transitory computer readable storage medium of claim 13, wherein the first random number received from the second device is encrypted using a public key of the first device, and the method further comprises: decrypting the first random number for use in session key generation.

18. The non-transitory computer readable storage medium of claim 13, wherein the method of sending the second random number from the first device to the second device further comprises: encrypting the second random number using a public key of the first device; and sending the encrypted second random number to the second device, wherein the second device decrypts the second random number using a private key of the second device to generate the session key.

19. The non-transitory computer readable storage medium of claim 13, wherein the method of determining the PIN further comprises: determining the PIN from random data received from the second device.

20. A device configured to communicate with a new device in a wireless network, the device comprising: an interface configured to wirelessly transfer a domain key to the new device, wherein the domain key is encrypted at the device and is decrypted at the new device; a processor configured to: verifying the new device is an authorized device through an exchange of certificates, wherein the new device verifies the device is an authorized device through the exchange of certificates, receiving a first random number from the new device, wherein the first random number is encrypted, determining a second random number, sending the second random number to the new device, randomly generate a PIN, in response to generating the PIN, outputting instructions that instruct a user entry of the PIN in the new device, wherein the PIN is generated and the instructions are output after the verifying, derive a session key of the device from the first random number, the second random number, and the PIN, and exchange the session key of the device with a session key of the new device, and verify the session key of the new device, send the domain key encrypted with the session key to the new device or receiving the domain key encrypted with the session key from the new device; and a data storage storing the PIN, the session keys and the domain key.
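The claims above describe the key-transfer flow but leave the "key generation function" and the encryption of the domain key unspecified. The following is an added example, written for this page and not code from the patent or from Motorola Mobility, that runs the two-party flow end to end using only the Python standard library. Its assumptions: the certificate exchange and the public-key encryption of the two random numbers are taken as already done and are not modelled; HKDF-SHA256 stands in for the key generation function; an HMAC-SHA256 encrypt-then-MAC construction stands in for the (unspecified) encryption of the domain key; and instead of the session-key exchange of claim 20, each side proves possession of its session key with a key-confirmation MAC, which is this example's design choice, not the patent's. Function names (`session_key`, `seal`, `open_sealed`, `register`) are invented for the example. The security-relevant point it demonstrates is that the PIN is key material: a party that sees both random numbers but does not hold the PIN derives a different session key, fails key confirmation, and cannot decrypt the domain key.

```python
# Added example (not from the patent): domain-key registration flow with the
# session key derived from (r1, r2, PIN). Certificate verification and the
# public-key transport of r1/r2 are ASSUMED to have happened before register().
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over SHA-256, built from the stdlib hmac module."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(r1: bytes, r2: bytes, pin: str) -> bytes:
    """The 'same key generation function' each device runs (claim 1).
    The PIN is mixed in as key material, so r1 and r2 alone are not enough."""
    return hkdf_sha256(r1 + r2 + pin.encode(), b"device-registration-v1", b"session-key")


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode (stand-in for a real cipher)."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key = hkdf_sha256(key, nonce, b"enc")
    mac_key = hkdf_sha256(key, nonce, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes, aad: bytes) -> Optional[bytes]:
    """Inverse of seal(); returns None if the blob is malformed or the tag fails."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key = hkdf_sha256(key, nonce, b"enc")
    mac_key = hkdf_sha256(key, nonce, b"mac")
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered, or derived from a different session key
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def confirm_tag(sk: bytes, role: bytes) -> bytes:
    """Key-confirmation MAC: proves possession of sk without sending sk itself
    (this example's replacement for the session-key exchange of claim 20)."""
    return hmac.new(sk, b"confirm|" + role, hashlib.sha256).digest()


def register(domain_key: bytes, pin_displayed: str, pin_typed: str) -> Optional[bytes]:
    """First device (holds domain_key, displays pin_displayed) registers the
    second device (user types pin_typed). Returns the domain key as recovered
    by the second device, or None when confirmation or decryption fails."""
    r1 = secrets.token_bytes(16)   # chosen by the second device, sent encrypted
    r2 = secrets.token_bytes(16)   # chosen by the first device, sent encrypted
    sk_first = session_key(r1, r2, pin_displayed)
    sk_second = session_key(r1, r2, pin_typed)
    # Second device proves it holds the same session key before any secret moves.
    if not hmac.compare_digest(confirm_tag(sk_second, b"second"),
                               confirm_tag(sk_first, b"second")):
        return None
    blob = seal(sk_first, domain_key, aad=b"domain-key")   # first -> second
    return open_sealed(sk_second, blob, aad=b"domain-key")


if __name__ == "__main__":
    dk = secrets.token_bytes(16)                      # constructed sample domain key
    pin = f"{secrets.randbelow(10**6):06d}"           # first device generates a random PIN
    print("correct PIN:", register(dk, pin, pin) == dk)   # True
    print("wrong PIN:  ", register(dk, pin, "000000"))    # None
```

With the correct PIN the second device recovers the domain key; with a mistyped PIN key confirmation fails and nothing encrypted under the session key is ever sent. Because `seal` derives per-message keys from a fresh nonce, the same session key can carry the domain key in either direction, which is what the "sending ... or receiving" alternative in claims 1 and 13 allows.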
Patents cited by this patent (18; first five listed)
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for internetworked hybrid wireless integrated network sensors (WINS).
Shteyn, Yevgeniy Eugene, Method and apparatus for a low data-rate network to be represented on and controllable by high data-rate home audio/video interoperability (HAVi) network.
Ertin, Emre; Pratt, Richard M.; Hughes, Michael A.; Priddy, Kevin L.; Lechelt, Wayne M., Method of simultaneously reading multiple radio frequency tags, RF tags, and RF reader.
Knibbeler, Charles Leonardus Corenlius Maria; Staring, Antonius Adriaan Maria; Treffers, Menno Anne; Frimout, Emmanuel David Lucas Michael; Bernsen, Johannes Arnoldus Cornelis, Proximity check server.
Koga, Kifumi, Service apparatus, method of controlling switching of connection destination of client apparatus by service apparatus, and storage medium readable by machine.