US20150245204A1 - Device authentication - Google Patents

Device authentication Download PDF

Info

Publication number
US20150245204A1
US20150245204A1 US14/316,404 US201414316404A US2015245204A1 US 20150245204 A1 US20150245204 A1 US 20150245204A1 US 201414316404 A US201414316404 A US 201414316404A US 2015245204 A1 US2015245204 A1 US 2015245204A1
Authority
US
United States
Prior art keywords
message
wireless communications
communications protocol
authorisation code
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/316,404
Inventor
Robin Heydon
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Technologies International Ltd
Original Assignee
Cambridge Silicon Radio Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB1403312.0A external-priority patent/GB2515853B/en
Priority claimed from GB1403314.6A external-priority patent/GB2512733B/en
Application filed by Cambridge Silicon Radio Ltd filed Critical Cambridge Silicon Radio Ltd
Assigned to CAMBRIDGE SILICON RADIO LIMITED reassignment CAMBRIDGE SILICON RADIO LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEYDON, ROBIN
Publication of US20150245204A1 publication Critical patent/US20150245204A1/en
Assigned to QUALCOMM TECHNOLOGIES INTERNATIONAL, LTD. reassignment QUALCOMM TECHNOLOGIES INTERNATIONAL, LTD. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: CAMBRIDGE SILICON RADIO LIMITED
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083Shipping
    • G06Q10/0833Tracking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/14Relay systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H20/00Arrangements for broadcast or for distribution combined with broadcast
    • H04H20/65Arrangements characterised by transmission systems for broadcast
    • H04H20/71Wireless systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/084Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H04L41/0846Configuration by using pre-existing information, e.g. using templates or copying from other elements based on copy from other elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/085Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/065Generation of reports related to network devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852Delays
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • H04L43/0882Utilisation of link capacity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/11Identifying congestion
    • H04L47/115Identifying congestion using a dedicated packet
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/16Flow control; Congestion control in connection oriented networks, e.g. frame relay
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/15Interconnection of switching modules
    • H04L49/1553Interconnection of ATM switching modules, e.g. ATM switching fabrics
    • H04L49/1584Full Mesh, e.g. knockout
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/003Arrangements for allocating sub-channels of the transmission path
    • H04L5/0053Allocation of signaling, i.e. of overhead other than pilot signals
    • H04L5/0055Physical resource allocation for ACK/NACK
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1475Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W16/00Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
    • H04W16/18Network planning tools
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/06Testing, supervising or monitoring using simulated traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/38Services specially adapted for particular environments, situations or purposes for collecting sensor information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/24Connectivity information management, e.g. connectivity discovery or connectivity update
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/02Power saving arrangements
    • H04W52/0209Power saving arrangements in terminal devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/02Power saving arrangements
    • H04W52/0209Power saving arrangements in terminal devices
    • H04W52/0225Power saving arrangements in terminal devices using monitoring of external events, e.g. the presence of a signal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/02Power saving arrangements
    • H04W52/0209Power saving arrangements in terminal devices
    • H04W52/0251Power saving arrangements in terminal devices using monitoring of local events, e.g. events related to user activity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/02Power saving arrangements
    • H04W52/0209Power saving arrangements in terminal devices
    • H04W52/0261Power saving arrangements in terminal devices managing power supply demand, e.g. depending on battery level
    • H04W52/0274Power saving arrangements in terminal devices managing power supply demand, e.g. depending on battery level by switching on or off the equipment or parts thereof
    • H04W52/028Power saving arrangements in terminal devices managing power supply demand, e.g. depending on battery level by switching on or off the equipment or parts thereof switching on or off only a part of the equipment circuit blocks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/04TPC
    • H04W52/38TPC being performed in particular situations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W64/00Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • H04W64/003Locating users or terminals or network equipment for network management purposes, e.g. mobility management locating network equipment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W72/00Local resource management
    • H04W72/12Wireless traffic scheduling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W72/00Local resource management
    • H04W72/20Control channels or signalling for resource management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/11Allocation or use of connection identifiers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data
    • H04W8/245Transfer of terminal data from a network towards a terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/04Terminal devices adapted for relaying to or from another terminal or user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/06Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/02Inter-networking arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02ATECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A10/00TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE at coastal zones; at river basins
    • Y02A10/40Controlling or monitoring, e.g. of flood or hurricane; Forecasting, e.g. risk assessment or mapping
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • This invention relates to a method for securely authenticating a device.
  • the objects in a room be capable of communicating with each other, and also potentially to be able to communicate with the internet or cloud.
  • the room may have a light, light switch, window and door. It may be desired that each of these objects be able to communicate with the others so that the home can be automated.
  • a communication device that can communicate with similar communication devices attached to other objects.
  • a large number of objects need to be able to communicate with each other.
  • the result can be a network of many communication devices, each associated with a respective object.
  • many of these objects will not have access to, or require, power themselves (for example, a window, door, packages sitting on a shelf, etc.)
  • it may be desirable for the devices that communicate on the objects' behalf to be battery-powered devices that consume only a small amount of power. It may also be desirable that these devices be able to communicate wirelessly with each other so that there is no need for cables running between them.
  • One suitable method of communication for such a network is to use a mesh networking protocol.
  • This permits a first device to send a message to a second device, which may be outside the communication range of the first device, by transmitting the message via one or more intermediate devices.
  • mesh networking protocols are typically designed around the concept of devices sending messages using complex routing tables. Such complex routing requires processing power which tends to increase power consumption of the devices.
  • Such mesh networking protocols also tend to operate according to proprietary protocols. This means devices may have to be manufactured specifically for the task of communicating according to a particular mesh network. This may be undesirable because it increases the cost of devices that might be installed in a multitude locations and/or attached to a multitude of different devices.
  • the mesh network may be especially vulnerable to attacks when new devices added to the network.
  • One possible type of attack is an “eavesdropper attack” where an attacker passively listens to messages exchanged between devices in the mesh network.
  • Another type of attack is a “man-in-the-middle attack” where an attacker intercepts messages between two devices FIG. 1 a shows how these types of attacks may be carried out when a new device is to be added to an existing mesh network.
  • a new device “B”, which may be a newly purchased light, is to join a mesh network that is configured by a configuring device “C”, which may be a smartphone belonging to the purchaser.
  • B may be required to be associated with the mesh network and C can perform that association.
  • An eavesdropper “E” can passively listen to messages exchanged between C and B.
  • a man-in-the-middle “M” can intercept messages and pretend to be C to B and pretend to be B to C and so all messages between B and C are passed through M.
  • the association process can involve C sending a network key, which allows access to the network, to B. As E and M can observe these messages, the security of the network may be compromised if E or M obtain the network key.
  • One method of preventing the eavesdropper attack by E is to encrypt messages between the B and C.
  • a single network key may be used. Because this single network key is critical to the security of the network, this network key should never be distributed to a device insecurely. Therefore, a key exchange mechanism (e.g. a Diffie-Hellman-Merkle key exchange) could be performed before the network key is distributed to a new device.
  • a key exchange mechanism e.g. a Diffie-Hellman-Merkle key exchange
  • the key exchange mechanism may not prevent a man-in-the middle attack.
  • M can intercept the messages and insert its own keys PK MB and PK MC , which are then sent to devices C and B respectively.
  • S MC S CM
  • S MB S BM
  • a method for authenticating a first device capable of operating according to a wireless communications protocol, the method comprising: at a second device, receiving a first message comprising an identifier for the first device and an authorisation code associated with the first device, the first message not being received from the first device in accordance with the wireless communications protocol; at the second device, receiving a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; and authenticating the first device if the authorisation code received via the first message relates, according to a predetermined algorithm, to the received value.
  • the method may further comprise: at the second device and in response to authenticating the first device, sending an association message to the first device, the association message comprising an encrypted network key by means of which the first device can access a network comprising the second device.
  • the method may further comprise, at the second device: receiving a public key from the first device; and calculating an encryption key in dependence the received public key and a private key stored at the second device, the network key being encrypted using the encryption key.
  • the calculation may be in accordance with a Diffie-Hellman-Merkle key exchange.
  • the first message may be received via an analysis of an image.
  • the image may be a QR-Code, barcode or text representing the identifier and the authorisation code.
  • the method may further comprise, at the second device: scanning the image, the image representing a database identifier; sending, via the internet, a request message comprising the database identifier to a computer; and in response to the request, receiving, via the internet, the first message from the computer.
  • the first message may comprise one or more further identifiers and identification codes associated with respective one or more further devices.
  • the value may be dependent on an authorisation code stored at the first device.
  • the value may be different to the authorisation code.
  • the value may be calculated using the predetermined algorithm having as inputs: the authorisation code stored at the first device, a public key of the first device and a random number generated by the first device.
  • the authenticating step may comprise: receiving the random number from the first device; from the value, authorisation code and the public key, calculating a number according to the predetermined algorithm; and comparing said calculated number with the received random number and, if said numbers match, authenticating the first device.
  • the method may further comprise: at the first device, broadcasting the identifier for the first device in accordance with the communications protocol.
  • the second message may be received via a third device capable of operating according to the communications protocol.
  • the first device may be sited at a location that is out of range of transmission from the second device.
  • the second device may be capable of communicating in a mesh network.
  • the wireless communications protocol may be Bluetooth Low Energy protocol.
  • the wireless communications protocol may define a broadcast packet type, said second message may be received via a packet of the broadcast packet type.
  • a wireless communications device capable of operating according to a wireless communications protocol, the wireless communications device comprising: an input configured to receive a first message comprising an identifier for a first device and an authorisation code associated with the first device, the first message not being received from the first device in accordance with the wireless communications protocol; a transceiver capable of operating according to the wireless communications protocol and configured to receive a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; a controller configured to authenticate the first device if the authorisation code received via the first message relates, according to a predetermined algorithm, to the received value.
  • the transceiver may be further configured to, in response to authenticating the first device, send an association message to the first device, the association message comprising an encrypted network key configured to allow the first device access to a network comprising the wireless communications device.
  • the transceiver may be further configured to receive a public key from the first device, the controller being further configured to calculate an encryption key in dependence the received public key and a private key stored at the wireless communications device, the network key being encrypted using the encryption key.
  • the controller may be further configured to calculate the encryption key in accordance with a Diffie-Hellman-Merkle key exchange.
  • the input may be a camera or barcode reader configured to analyse an image.
  • the image may be a QR-Code, barcode or text representing the identifier and the authorisation code.
  • the wireless communications device may further comprise a camera or barcode reader configured to analyse an image representing a database identifier, the input being a network interface capable of communicating via the internet and configured to: send, via the internet, a request message comprising the database identifier to a computer; and in response to the request, receive, via the internet, the first message from the computer.
  • a camera or barcode reader configured to analyse an image representing a database identifier
  • the input being a network interface capable of communicating via the internet and configured to: send, via the internet, a request message comprising the database identifier to a computer; and in response to the request, receive, via the internet, the first message from the computer.
  • the first message may comprise one or more further identifiers and identification codes associated with respective one or more further devices.
  • the value may be dependent on an authorisation code stored at the first device.
  • the value may be different to the authorisation code.
  • the controller may be configured to calculate the value using the predetermined algorithm having as inputs: the authorisation code stored at the first device, a public key of the first device and a random number generated by the first device.
  • the transceiver may be further configured to receive the random number from the first device; the controller may be further configured to: calculate, according to the predetermined algorithm, a number from the value, authorisation code and the public key, and compare said calculated number with the received random number and, if said numbers match, authenticate the first device.
  • the first device may be sited at a location that is out of range of transmission from the transceiver.
  • the transceiver may be capable of communicating in a mesh network.
  • the wireless communications protocol may be Bluetooth Low Energy protocol.
  • the wireless communications protocol may define a broadcast packet type, said second message being received via a packet of the broadcast packet type.
  • a wireless communications device capable of operating according to a wireless communications protocol, the wireless communications device comprising: a transceiver configured to broadcast an identifier for the device in accordance with the communications protocol; a memory configured to store an authorisation code, the transceiver being further configured to: send a first message comprising a value, the value being related, according to a predetermined algorithm, to the authorisation code; and in response to sending the first message, receive a second message comprising an encrypted network key; and a controller configured to decrypt the encrypted network key by means of which the device can access a network.
  • the device may be configured to not send the authorisation code unencrypted.
  • FIG. 1 a shows devices in a scenario in which the security of a network may be compromised:
  • FIG. 1 b shows devices in a man-in-the-middle attack scenario
  • FIG. 2 shows a method of authorising a device
  • FIG. 3 shows a message exchange for another method of authorising a device
  • FIG. 4 shows a schematic diagram of a configuring device.
  • the identity of a new device must be verified before a configuring device in the network can trust the new device.
  • a new, unverified device may not be accessible or have any form of user interface, and may possibly be a long distance from the configuring device as it may be in a mesh network, the concepts typically used in, for example. Bluetooth to “pair” devices may not be suitable.
  • each device is provided with an “authorisation secret” that is only known by that device. To allow the configuring device to verify the new device, it needs to securely obtain the authorisation secret.
  • FIG. 2 shows one method for the configuring device 201 to obtain the authorisation secret of a new device 202 that is to be added to a mesh network comprising configuring device 201 .
  • Devices 201 and 202 and the mesh network may operate according to a wireless communications protocol such as Bluetooth Low Energy.
  • the authorisation code of the new device 202 could be made available to the configuring device 201 so that new device 202 can be authenticated.
  • transmitting the authorisation code over the network would allow an eavesdropper or a MITM attacker 203 to obtain the code.
  • device 202 should not transmit its authorisation code in accordance with the protocol over the network.
  • configuring device 201 would have to acquire the authorisation code by means other than via messages sent according to the wireless communications protocol used by the new device 202 and the mesh network.
  • device 201 should not receive (directly or indirectly via an intermediate device) the authorisation code for device 202 from a message originating from device 202 , wherein the message is sent by device 202 in accordance with the wireless communication protocol of the mesh network.
  • the authorisation code may instead be obtained by the configuring device 201 using another method such as via a QR-Code or a Short Code that might be printed on the new device 202 or the packaging of the device 202 .
  • the code could be presented as a one-dimensional or two-dimensional bar code, or in some other way that permits a device to reliably interpret the code using a sensor installed on the device. That sensor could be a camera, an audio sensor, a magnetic sensor and so on.
  • the authorisation code may be conveyed to the configuring device 201 via a QR-Code.
  • the QR-Code may have encoded thereon an authorisation code and an identifier for the device 202 .
  • the authorisation code and the identifier may be unique to each device.
  • Device 202 may also have a matching authorisation code and identifier stored in a memory on the device 202 .
  • the configuring device 201 For the configuring device 201 to verify that the new device 202 is that device and not a man-in-the-middle device 203 , the configuring device 201 is required to match the identifier and authorisation code obtained via means other than via the network (such as the QR-Code) and the authorisation code and identifier stored on the device 202 without that stored information being transmitted over the mesh network.
  • the predetermined algorithm may be known to both devices 201 and 202 .
  • Device 202 sends value CONFIRM B to device 201 .
  • Device 202 can then send value RANDOM B to device 201 so that device 201 can calculate, using the same predetermined algorithm, a confirmation value from RANDOM B and the authorisation code obtained via the OR-Code.
  • CONFIRM B and RANDOM B could be sent in the same message.
  • the confirmation value calculated by device 201 matches CONFIRM B , then device 202 is verified and is therefore trusted.
  • the MITM device 203 does not know the authorisation code and thus cannot generate the correct inputs to the predetermined algorithm and thus will not be able to generate the correct RANDOM B value that will allow device 201 to arrive at the correct confirmation value CONFIRM B .
  • Additional messages may be exchanged between devices 201 and 202 to further enhance the security of the verification procedure to allow device 202 to be associated with the mesh network. Such an enhanced procedure is described with reference to the sequence chart of FIG. 3 .
  • configuring device 201 scans a QR-Code to obtain an authorisation code and an identifier (ID) for new device 202 .
  • ID an identifier
  • This information can be obtained at any time, for example by taking a picture of the QR-Code on the box that the device 202 arrived in. It could also be obtained by typing in the authorisation code into a user interface at the configuring device 201 .
  • device 202 advertises its ID by broadcasting it in accordance with the wireless protocol used by the mesh network.
  • Configuring device 201 receives this information. This information may be received via an intermediate device within the mesh network if devices 201 and 202 are out of range from each other.
  • the configuring device 201 determines that new device 202 is to be added to the network and starts a verification procedure.
  • An eavesdropper or a MITM device 203 may also observe the broadcasted ID.
  • the configuring device 201 sends its public key PK a to new device 202 and, in response at step 304 , device 202 send its public key PK b to configuring device 201 .
  • An eavesdropper may be able to receive both of these messages.
  • a MITM device 203 could have placed itself between the two devices 201 and 202 and inserted its own public keys, PK ma and PK mb into the communications in an attempt to become a man-in-the-middle.
  • configuring device 201 and the new device 202 calculate a shared secret S from their respective private keys and the peer device's public key. This may be achieved using the Diffie-Hellman-Merkle key exchange method.
  • the eavesdropper cannot calculate the shared secret because it does not have knowledge of the private keys used.
  • the MITM 203 may be able to calculate two shared secrets, one that it could use when communicating with device 201 , S ma , when pretending to be new device 202 and one that it would use when communicating with device 202 , S mb , when pretending to be the configuring device 201 .
  • the configuring device 201 sends a confirmation value CONFIRM a to new device 202 .
  • the confirmation value can be determined based on a random number RANDOM a
  • the public key of device 201 and the authorisation code obtained via the QR-Code CONFIRM a may be calculated using a predetermined algorithm.
  • new device 202 sends its confirmation value CONFIRM b to device 201 .
  • CONFIRM b can be determined based on a random number RANDOM b , the public key of device 202 and the authorisation code stored at the device 202 .
  • CONFIRM b may be calculated using the same predetermined algorithm.
  • the eavesdropper can receive the confirmation values.
  • the values do not reveal any useful information as they appear to be random numbers to the eavesdropper.
  • the MITM 203 does not know the authorisation code and therefore whilst it can generate the appropriate messages, it cannot calculate the inputs required to obtain the confirmation values.
  • the configuring device 201 sends the random number RANDOM a to new device 202 .
  • new device 202 sends random number RANDOM b to device 201 .
  • Both devices 201 and 202 can then confirm, using the predetermined algorithm, that the received random numbers, the authorisation code available to each device and the peer's public key generate the same confirmation value that was previously received.
  • the configuring device 201 has determined that the messages from the new device 202 are authentic and so new device 202 is a trusted device.
  • the eavesdropper can receive these random number messages, however it does not have the authorisation code.
  • the MITM 203 cannot generate two random numbers that, when sent, would match the confirmation values that were previously sent.
  • devices 201 and 202 are able to verify that they are communicating with each other and not a MITM device 203 .
  • the configuring device 201 sends an encrypted network key to new device 201 .
  • the network key may be encrypted using S and a concatenation of RANDOM a and RANDOM b .
  • the configuring device 201 may also send an encrypted allocated ID to new device 202 which will be its allocated ID for use within the mesh network. The eavesdropper cannot decrypt this message as it does not have knowledge of S.
  • the MITM 203 is no longer trusted by either device 201 or 202 as the MITM 203 could not generate the correct random numbers and therefore any messages from MITM 204 message will be ignored.
  • the secret key S could be used to encrypt the messages sent in any of steps 306 to 309 .
  • the new device 202 is then able to securely join the mesh network and securely send and receive messages, which may be encrypted using the network key.
  • the messages in steps 302 to 310 may be sent in accordance with the wireless communications protocol of the mesh network.
  • Devices 201 and 202 may communicate directly with each other if they are in communications range. If they are out of direct communications range with each other, then the messages may be sent via one or more intermediate devices within the mesh network which can forward the messages so that they can reach device 201 or 202 .
  • the authorisation code and device ID for a device may be assigned at manufacture and stored in the memory of the device.
  • the authorisation code and ID may be static for the lifetime of the device.
  • the authorisation code and the ID information may also be made available to a purchaser of the device so that the device can securely be added to their network.
  • the authorisation code and ID information can be made available by number of different means such as encoding the information into a QR-Code or a ShortCode and displaying it, for example, on the device or the packaging of the device.
  • the QR-Code or ShortCode may contain a URL that can provide a link to the device manufacturer's database which contains the authorisation code for the device.
  • the authorisation code and ID for the device may be received in a message sent over the internet.
  • a purchaser buys a large number of grouped devices, e.g. a group of lights, that are to be connected to a mesh network, it may be time consuming to scan the QR-Code for each individual light.
  • the purchaser can scan in the QR-Code, which contains a group identifier and links to the manufacturer's database, e.g. via the internet, to allow a configuring device 201 to communicate with the database and extract all the authorisation codes and associated IDs for each light in that group.
  • the received authorisation codes and ID can then be used to verify each device as described above.
  • FIG. 4 shows an example schematic of a configuring device 201 .
  • the configuring device 201 may comprise a transceiver 401 , a scanner 402 , a network interface 403 and a controller 404 .
  • the configuring device 201 may be a smartphone, tablet, laptop, a computer, etc.
  • the transceiver 401 may be configured to operate according to a wireless communication protocol such as Bluetooth low energy and is able to wirelessly send and receive messages over the mesh network.
  • a wireless communication protocol such as Bluetooth low energy
  • the scanner 402 may be any suitable device that is capable reading an image such as a OR-Code or barcode or text.
  • the scanner 202 may be a camera that can capture an image of a QR-Code or barcode or text.
  • the image may be analysed by, for example, the controller 404 to decode and retrieve the information in the QR-Code or barcode. If the captured image is of text, the controller 404 may perform character recognition on the image to extract the information in the text.
  • the scanner 402 is capable of receiving a message coded in the image which may contain an authorisation code and ID of a device.
  • the scanner 402 may be a barcode reader which is capable of scanning and decoding QR-Code and/or barcodes and providing the decoded information to the controller 404 .
  • the information could be stored on a short-range NFC device or RFID tag on the new device 202 or the packaging of the new device.
  • the scanner 402 may then be a NFC or RFID reader which is capable of reading and extracting the information stored on the NFC device or RFID tag.
  • the message coded in the image may be a link to a database containing the authorisation code and ID of a device.
  • the controller 404 may access the database via the network interface 403 .
  • the network interface 403 may be, for example, a WiFi or mobile data interface which allows connection to the internet.
  • the controller 404 may request, via the internet, one or more authorisation codes and associated IDs based on the information retrieved using the scanner 402 .
  • the database may send the configuring device 201 , via the internet, the one or more of the requested authorisation codes and associated ID and is received via the network interface 403 .
  • the controller 404 can control the transceiver 401 , scanner 402 and network interface 403 to carry out the verification procedure described above.
  • the controller 404 can be configured to cause the configuring device 201 to carry out the verification and messaging procedures described above.
  • the controller 404 may be configured to carry out the processing described above such as calculating the confirmation values and encryption keys, generating random numbers, comparing the values, etc.
  • the new device 202 may be used with appliances such as light switches, lights, sensors, fire alarms, sensors, thermostats, etc.
  • the new device 202 may comprise a transceiver configured to operate according to a wireless communication protocol such as Bluetooth low energy.
  • the new device 202 may also comprise a memory configured to store data such as the authentication code and device ID, network key, allocated ID, etc.
  • the new device 202 may also comprise a controller that is configured to cause the new device 202 to carry out the verification and messaging procedures described above.
  • the controller and/or transceiver can be configured to cause the new device 202 to not send the authorisation code via transceiver, unless it is encrypted.
  • Devices 201 and 202 may be wireless communication devices that operate according to the same wireless communication protocol.
  • the wireless communication protocol could be a relatively short-range protocol.
  • the effective range of each device could be less than 25 m. That characteristic can permit the devices to use less power for transmitting and/or receiving than would be expected in a longer range protocol.
  • the devices could operate according to the Bluetooth protocol, specifically the Bluetooth Low Energy (BLE) protocol.
  • BLE Bluetooth Low Energy
  • the devices could use other protocols, for instance IEEE 802.11.
  • the devices described above could form a mesh network with other wireless communication devices.
  • the devices could be configured to forward some or all messages they receive.
  • the messages could be sent and received via a broadcast packet type defined in the wireless communication protocol. All the devices in the network could be peers in that they have identical roles at a network level.
  • Devices 201 and 202 could operate according to two different wireless communications protocols, e.g. BLE and IEEE 802.11.
  • Devices 201 and 202 may be connected via an IEEE 802.11 network, which can allow secure communication between the two devices.
  • New device 202 may then wish to join a mesh network (that comprises device 201 ) that is operating according to the BLE protocol.
  • Device 202 may securely transmit a message comprising its authentication code and ID via IEEE 802.11 to device 201 .
  • Device 201 can trust this message as it is sent over a secure IEEE 802.11 channel and can use the authentication code received via IEEE 802.11 (instead of via the QR-Code, for example) in the authentication procedure described above for adding the new device 202 to the BLE mesh network.
  • the devices configured in accordance with the examples described herein could be embodied in hardware, software or any suitable combination of hardware and software.
  • the receiving device of the examples described herein could comprise, for example, software for execution at one or more processors (such as at a CPU and/or GPU), and/or one or more dedicated processors (such as ASICs), and/or one or more programmable processors (such as FPGAs) suitably programmed so as to provide functionalities of the data processing system, and/or heterogeneous processors comprising one or more dedicated, programmable and general purpose processing functionalities.
  • the devices comprise one or more processors and one or more memories having program code stored thereon, the data processors and the memories being such as to, in combination, provide the claimed data processing systems and/or perform the claimed methods.
  • Data processing units described herein need not be provided as discrete units and represent functionalities that could (a) be combined in any manner, and (b) themselves comprise one or more data processing entities.
  • Data processing units could be provided by any suitable hardware or software functionalities, or combinations of hardware and software functionalities.
  • Any one of more of the methods described herein could be performed by one or more physical processing units executing program code that causes the unit(s) to perform the data processing methods.
  • Each physical processing unit could be any suitable processor, such as a CPU or GPU (or a core thereof), or fixed function or programmable hardware.
  • the program code could be stored in non-transitory form at a machine readable medium such as an integrated circuit memory, or optical or magnetic storage.
  • a machine readable medium might comprise several memories, such as on-chip memories, computer working memories, and non-volatile storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • Environmental & Geological Engineering (AREA)
  • Software Systems (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Operations Research (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Human Resources & Organizations (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

A method for authenticating a first device capable of operating according to a wireless communications protocol, the method comprising: at a second device, receiving a first message comprising an identifier for the first device and an authorisation code associated with the first device, the first message not being received from the first device in accordance with the wireless communications protocol; at the second device, receiving a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; and authenticating the first device if the authorisation code received via the first message relates, according to a predetermined algorithm, to the received value.

Description

    TECHNICAL FIELD
  • This invention relates to a method for securely authenticating a device.
    • BACKGROUND OF THE INVENTION
  • There is an increasing need for a variety of objects to be equipped with the ability to send and receive messages. In the case of a home, for example, it may be desirable that the objects in a room be capable of communicating with each other, and also potentially to be able to communicate with the internet or cloud. For example, the room may have a light, light switch, window and door. It may be desired that each of these objects be able to communicate with the others so that the home can be automated.
  • To enable objects to communicate, they may be equipped with a communication device that can communicate with similar communication devices attached to other objects. For this architecture to be of greatest use, a large number of objects need to be able to communicate with each other. The result can be a network of many communication devices, each associated with a respective object. As many of these objects will not have access to, or require, power themselves (for example, a window, door, packages sitting on a shelf, etc.), it may be desirable for the devices that communicate on the objects' behalf to be battery-powered devices that consume only a small amount of power. It may also be desirable that these devices be able to communicate wirelessly with each other so that there is no need for cables running between them.
  • One suitable method of communication for such a network is to use a mesh networking protocol. This permits a first device to send a message to a second device, which may be outside the communication range of the first device, by transmitting the message via one or more intermediate devices. Historically, mesh networking protocols are typically designed around the concept of devices sending messages using complex routing tables. Such complex routing requires processing power which tends to increase power consumption of the devices. Such mesh networking protocols also tend to operate according to proprietary protocols. This means devices may have to be manufactured specifically for the task of communicating according to a particular mesh network. This may be undesirable because it increases the cost of devices that might be installed in a multitude locations and/or attached to a multitude of different devices.
  • Another consideration is to provide adequate security to the mesh network against potential attackers. The mesh network may be especially vulnerable to attacks when new devices added to the network. One possible type of attack is an “eavesdropper attack” where an attacker passively listens to messages exchanged between devices in the mesh network. Another type of attack is a “man-in-the-middle attack” where an attacker intercepts messages between two devices FIG. 1 a shows how these types of attacks may be carried out when a new device is to be added to an existing mesh network.
  • A new device “B”, which may be a newly purchased light, is to join a mesh network that is configured by a configuring device “C”, which may be a smartphone belonging to the purchaser. B may be required to be associated with the mesh network and C can perform that association. An eavesdropper “E” can passively listen to messages exchanged between C and B. Also, a man-in-the-middle “M” can intercept messages and pretend to be C to B and pretend to be B to C and so all messages between B and C are passed through M. The association process can involve C sending a network key, which allows access to the network, to B. As E and M can observe these messages, the security of the network may be compromised if E or M obtain the network key.
  • One method of preventing the eavesdropper attack by E is to encrypt messages between the B and C. To allow any device within the network to send and receive messages from any other device in the network, a single network key may be used. Because this single network key is critical to the security of the network, this network key should never be distributed to a device insecurely. Therefore, a key exchange mechanism (e.g. a Diffie-Hellman-Merkle key exchange) could be performed before the network key is distributed to a new device.
  • However, the key exchange mechanism may not prevent a man-in-the middle attack. As shown in FIG. 1 b, when devices B and C send their public keys PKB and PKC respectively, M can intercept the messages and insert its own keys PKMB and PKMC, which are then sent to devices C and B respectively. Device M can then calculate two sets of secret keys SMC=SCM and SMB=SBM that would be used for communication between devices C and B through device M. Thus the security of the network may still be compromised using known key exchange mechanisms.
  • There is therefore a need for improving the security of a mesh network.
    • SUMMARY OF THE INVENTION
  • According to a first aspect there is provided a method for authenticating a first device capable of operating according to a wireless communications protocol, the method comprising: at a second device, receiving a first message comprising an identifier for the first device and an authorisation code associated with the first device, the first message not being received from the first device in accordance with the wireless communications protocol; at the second device, receiving a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; and authenticating the first device if the authorisation code received via the first message relates, according to a predetermined algorithm, to the received value.
  • The method may further comprise: at the second device and in response to authenticating the first device, sending an association message to the first device, the association message comprising an encrypted network key by means of which the first device can access a network comprising the second device.
  • The method may further comprise, at the second device: receiving a public key from the first device; and calculating an encryption key in dependence the received public key and a private key stored at the second device, the network key being encrypted using the encryption key.
  • The calculation may be in accordance with a Diffie-Hellman-Merkle key exchange.
  • The first message may be received via an analysis of an image.
  • The image may be a QR-Code, barcode or text representing the identifier and the authorisation code.
  • The method may further comprise, at the second device: scanning the image, the image representing a database identifier; sending, via the internet, a request message comprising the database identifier to a computer; and in response to the request, receiving, via the internet, the first message from the computer.
  • The first message may comprise one or more further identifiers and identification codes associated with respective one or more further devices.
  • The value may be dependent on an authorisation code stored at the first device.
  • The value may be different to the authorisation code.
  • The value may be calculated using the predetermined algorithm having as inputs: the authorisation code stored at the first device, a public key of the first device and a random number generated by the first device.
  • The authenticating step may comprise: receiving the random number from the first device; from the value, authorisation code and the public key, calculating a number according to the predetermined algorithm; and comparing said calculated number with the received random number and, if said numbers match, authenticating the first device.
  • The method may further comprise: at the first device, broadcasting the identifier for the first device in accordance with the communications protocol.
  • The second message may be received via a third device capable of operating according to the communications protocol.
  • The first device may be sited at a location that is out of range of transmission from the second device.
  • The second device may be capable of communicating in a mesh network.
  • The wireless communications protocol may be Bluetooth Low Energy protocol.
  • The wireless communications protocol may define a broadcast packet type, said second message may be received via a packet of the broadcast packet type.
  • According to a second aspect there is provided a wireless communications device capable of operating according to a wireless communications protocol, the wireless communications device comprising: an input configured to receive a first message comprising an identifier for a first device and an authorisation code associated with the first device, the first message not being received from the first device in accordance with the wireless communications protocol; a transceiver capable of operating according to the wireless communications protocol and configured to receive a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; a controller configured to authenticate the first device if the authorisation code received via the first message relates, according to a predetermined algorithm, to the received value.
  • The transceiver may be further configured to, in response to authenticating the first device, send an association message to the first device, the association message comprising an encrypted network key configured to allow the first device access to a network comprising the wireless communications device.
  • The transceiver may be further configured to receive a public key from the first device, the controller being further configured to calculate an encryption key in dependence the received public key and a private key stored at the wireless communications device, the network key being encrypted using the encryption key.
  • The controller may be further configured to calculate the encryption key in accordance with a Diffie-Hellman-Merkle key exchange.
  • The input may be a camera or barcode reader configured to analyse an image.
  • The image may be a QR-Code, barcode or text representing the identifier and the authorisation code.
  • The wireless communications device may further comprise a camera or barcode reader configured to analyse an image representing a database identifier, the input being a network interface capable of communicating via the internet and configured to: send, via the internet, a request message comprising the database identifier to a computer; and in response to the request, receive, via the internet, the first message from the computer.
  • The first message may comprise one or more further identifiers and identification codes associated with respective one or more further devices.
  • The value may be dependent on an authorisation code stored at the first device.
  • The value may be different to the authorisation code.
  • The controller may be configured to calculate the value using the predetermined algorithm having as inputs: the authorisation code stored at the first device, a public key of the first device and a random number generated by the first device.
  • The transceiver may be further configured to receive the random number from the first device; the controller may be further configured to: calculate, according to the predetermined algorithm, a number from the value, authorisation code and the public key, and compare said calculated number with the received random number and, if said numbers match, authenticate the first device.
  • The first device may be sited at a location that is out of range of transmission from the transceiver.
  • The transceiver may be capable of communicating in a mesh network.
  • The wireless communications protocol may be Bluetooth Low Energy protocol.
  • The wireless communications protocol may define a broadcast packet type, said second message being received via a packet of the broadcast packet type.
  • According to a third aspect there is provided a wireless communications device capable of operating according to a wireless communications protocol, the wireless communications device comprising: a transceiver configured to broadcast an identifier for the device in accordance with the communications protocol; a memory configured to store an authorisation code, the transceiver being further configured to: send a first message comprising a value, the value being related, according to a predetermined algorithm, to the authorisation code; and in response to sending the first message, receive a second message comprising an encrypted network key; and a controller configured to decrypt the encrypted network key by means of which the device can access a network.
  • The device may be configured to not send the authorisation code unencrypted.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention will now be described by way of example with reference to the accompanying drawings. In the drawings:
  • FIG. 1 a shows devices in a scenario in which the security of a network may be compromised:
  • FIG. 1 b shows devices in a man-in-the-middle attack scenario;
  • FIG. 2 shows a method of authorising a device;
  • FIG. 3 shows a message exchange for another method of authorising a device; and
  • FIG. 4 shows a schematic diagram of a configuring device.
    •  DETAILED DESCRIPTION
  • The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art.
  • The general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
  • To protect against man-in-the-middle (MITM) attacks, the identity of a new device must be verified before a configuring device in the network can trust the new device. Given that a new, unverified device may not be accessible or have any form of user interface, and may possibly be a long distance from the configuring device as it may be in a mesh network, the concepts typically used in, for example. Bluetooth to “pair” devices may not be suitable. To verify the identity of new devices, each device is provided with an “authorisation secret” that is only known by that device. To allow the configuring device to verify the new device, it needs to securely obtain the authorisation secret.
  • FIG. 2 shows one method for the configuring device 201 to obtain the authorisation secret of a new device 202 that is to be added to a mesh network comprising configuring device 201. Devices 201 and 202 and the mesh network may operate according to a wireless communications protocol such as Bluetooth Low Energy. The authorisation code of the new device 202 could be made available to the configuring device 201 so that new device 202 can be authenticated. However, transmitting the authorisation code over the network would allow an eavesdropper or a MITM attacker 203 to obtain the code. Thus, in order to protect against an attack, device 202 should not transmit its authorisation code in accordance with the protocol over the network. In other words, configuring device 201 would have to acquire the authorisation code by means other than via messages sent according to the wireless communications protocol used by the new device 202 and the mesh network. Thus, device 201 should not receive (directly or indirectly via an intermediate device) the authorisation code for device 202 from a message originating from device 202, wherein the message is sent by device 202 in accordance with the wireless communication protocol of the mesh network.
  • The authorisation code may instead be obtained by the configuring device 201 using another method such as via a QR-Code or a Short Code that might be printed on the new device 202 or the packaging of the device 202. The code could be presented as a one-dimensional or two-dimensional bar code, or in some other way that permits a device to reliably interpret the code using a sensor installed on the device. That sensor could be a camera, an audio sensor, a magnetic sensor and so on. As shown in the example of FIG. 2, the authorisation code may be conveyed to the configuring device 201 via a QR-Code. The QR-Code may have encoded thereon an authorisation code and an identifier for the device 202. The authorisation code and the identifier may be unique to each device. Device 202 may also have a matching authorisation code and identifier stored in a memory on the device 202. For the configuring device 201 to verify that the new device 202 is that device and not a man-in-the-middle device 203, the configuring device 201 is required to match the identifier and authorisation code obtained via means other than via the network (such as the QR-Code) and the authorisation code and identifier stored on the device 202 without that stored information being transmitted over the mesh network.
  • Device 202 can generate a random number RANDOMB and calculate a confirmation value CONFIRMB by having RANDOMB and the authorisation code as inputs to a predetermined algorithm, which may be, for example, a cryptographic hash function such as HMAC-SHA256 (e.g. CONFIRMB=HMAC (RANDOMB, authorisation code)). The predetermined algorithm may be known to both devices 201 and 202. Device 202 sends value CONFIRMB to device 201. Device 202 can then send value RANDOMB to device 201 so that device 201 can calculate, using the same predetermined algorithm, a confirmation value from RANDOMB and the authorisation code obtained via the OR-Code. CONFIRMB and RANDOMB could be sent in the same message. If the confirmation value calculated by device 201 matches CONFIRMB, then device 202 is verified and is therefore trusted. The MITM device 203 does not know the authorisation code and thus cannot generate the correct inputs to the predetermined algorithm and thus will not be able to generate the correct RANDOMB value that will allow device 201 to arrive at the correct confirmation value CONFIRMB.
  • Additional messages may be exchanged between devices 201 and 202 to further enhance the security of the verification procedure to allow device 202 to be associated with the mesh network. Such an enhanced procedure is described with reference to the sequence chart of FIG. 3.
  • At step 301, configuring device 201 scans a QR-Code to obtain an authorisation code and an identifier (ID) for new device 202. This information can be obtained at any time, for example by taking a picture of the QR-Code on the box that the device 202 arrived in. It could also be obtained by typing in the authorisation code into a user interface at the configuring device 201.
  • At step 302, device 202 advertises its ID by broadcasting it in accordance with the wireless protocol used by the mesh network. Configuring device 201 receives this information. This information may be received via an intermediate device within the mesh network if devices 201 and 202 are out of range from each other. The configuring device 201 determines that new device 202 is to be added to the network and starts a verification procedure. An eavesdropper or a MITM device 203 may also observe the broadcasted ID.
  • At step 303, the configuring device 201 sends its public key PKa to new device 202 and, in response at step 304, device 202 send its public key PKb to configuring device 201. An eavesdropper may be able to receive both of these messages. A MITM device 203 could have placed itself between the two devices 201 and 202 and inserted its own public keys, PKma and PKmb into the communications in an attempt to become a man-in-the-middle.
  • At step 305, configuring device 201 and the new device 202 calculate a shared secret S from their respective private keys and the peer device's public key. This may be achieved using the Diffie-Hellman-Merkle key exchange method. The eavesdropper cannot calculate the shared secret because it does not have knowledge of the private keys used. The MITM 203 may be able to calculate two shared secrets, one that it could use when communicating with device 201, Sma, when pretending to be new device 202 and one that it would use when communicating with device 202, Smb, when pretending to be the configuring device 201.
  • At step 306, the configuring device 201 sends a confirmation value CONFIRMa to new device 202. The confirmation value can be determined based on a random number RANDOMa, the public key of device 201 and the authorisation code obtained via the QR-Code CONFIRMa may be calculated using a predetermined algorithm. For example, the predetermined algorithm could be a cryptographic hash function such as HMAC-SHA256 with RANDOMa and a concatenation of the public key for device 201 and the authorisation code as inputs (e.g. CONFIRMa=HMAC (RANDOMa, Public key for 201 ∥ authorisation code)).
  • In response, at step 307, new device 202 sends its confirmation value CONFIRMb to device 201. CONFIRMb can be determined based on a random number RANDOMb, the public key of device 202 and the authorisation code stored at the device 202. CONFIRMb may be calculated using the same predetermined algorithm. As in the example above, the predetermined algorithm could be HMAC-SHA256 with RANDOMb and a concatenation of the public key for device 202 and the stored authorisation code as inputs (e.g. CONFIRMb=HMAC (RANDOMb, Public key for 202 ∥ authorisation code)). The eavesdropper can receive the confirmation values. However, the values do not reveal any useful information as they appear to be random numbers to the eavesdropper. The MITM 203 does not know the authorisation code and therefore whilst it can generate the appropriate messages, it cannot calculate the inputs required to obtain the confirmation values.
  • At step 308, the configuring device 201 sends the random number RANDOMa to new device 202. In response, at step 309, new device 202 sends random number RANDOMb to device 201. Both devices 201 and 202 can then confirm, using the predetermined algorithm, that the received random numbers, the authorisation code available to each device and the peer's public key generate the same confirmation value that was previously received. Thus the configuring device 201 has determined that the messages from the new device 202 are authentic and so new device 202 is a trusted device. The eavesdropper can receive these random number messages, however it does not have the authorisation code. The MITM 203 cannot generate two random numbers that, when sent, would match the confirmation values that were previously sent. Thus devices 201 and 202 are able to verify that they are communicating with each other and not a MITM device 203.
  • At step 310, the configuring device 201 sends an encrypted network key to new device 201. The network key may be encrypted using S and a concatenation of RANDOMa and RANDOMb. The configuring device 201 may also send an encrypted allocated ID to new device 202 which will be its allocated ID for use within the mesh network. The eavesdropper cannot decrypt this message as it does not have knowledge of S. The MITM 203 is no longer trusted by either device 201 or 202 as the MITM 203 could not generate the correct random numbers and therefore any messages from MITM 204 message will be ignored.
  • As well as in step 310, the secret key S could be used to encrypt the messages sent in any of steps 306 to 309.
  • Using the network key, the new device 202 is then able to securely join the mesh network and securely send and receive messages, which may be encrypted using the network key.
  • The messages in steps 302 to 310 may be sent in accordance with the wireless communications protocol of the mesh network. Devices 201 and 202 may communicate directly with each other if they are in communications range. If they are out of direct communications range with each other, then the messages may be sent via one or more intermediate devices within the mesh network which can forward the messages so that they can reach device 201 or 202.
  • The authorisation code and device ID for a device may be assigned at manufacture and stored in the memory of the device. The authorisation code and ID may be static for the lifetime of the device. The authorisation code and the ID information may also be made available to a purchaser of the device so that the device can securely be added to their network. The authorisation code and ID information can be made available by number of different means such as encoding the information into a QR-Code or a ShortCode and displaying it, for example, on the device or the packaging of the device.
  • The QR-Code or ShortCode may contain a URL that can provide a link to the device manufacturer's database which contains the authorisation code for the device. Thus the authorisation code and ID for the device may be received in a message sent over the internet. In a situation where a purchaser buys a large number of grouped devices, e.g. a group of lights, that are to be connected to a mesh network, it may be time consuming to scan the QR-Code for each individual light. Thus, there may be a single QR-Code that is associated with that group which links to a manufacturer's database. The purchaser can scan in the QR-Code, which contains a group identifier and links to the manufacturer's database, e.g. via the internet, to allow a configuring device 201 to communicate with the database and extract all the authorisation codes and associated IDs for each light in that group. The received authorisation codes and ID can then be used to verify each device as described above.
  • FIG. 4 shows an example schematic of a configuring device 201. The configuring device 201 may comprise a transceiver 401, a scanner 402, a network interface 403 and a controller 404. The configuring device 201 may be a smartphone, tablet, laptop, a computer, etc.
  • The transceiver 401 may be configured to operate according to a wireless communication protocol such as Bluetooth low energy and is able to wirelessly send and receive messages over the mesh network.
  • The scanner 402 may be any suitable device that is capable reading an image such as a OR-Code or barcode or text. For example, the scanner 202 may be a camera that can capture an image of a QR-Code or barcode or text. The image may be analysed by, for example, the controller 404 to decode and retrieve the information in the QR-Code or barcode. If the captured image is of text, the controller 404 may perform character recognition on the image to extract the information in the text. Thus the scanner 402 is capable of receiving a message coded in the image which may contain an authorisation code and ID of a device. Alternatively, the scanner 402 may be a barcode reader which is capable of scanning and decoding QR-Code and/or barcodes and providing the decoded information to the controller 404.
  • In another example, instead of encoding the authorisation code and ID information on an image, the information could be stored on a short-range NFC device or RFID tag on the new device 202 or the packaging of the new device. The scanner 402 may then be a NFC or RFID reader which is capable of reading and extracting the information stored on the NFC device or RFID tag.
  • As mentioned above, the message coded in the image may be a link to a database containing the authorisation code and ID of a device. The controller 404 may access the database via the network interface 403. The network interface 403 may be, for example, a WiFi or mobile data interface which allows connection to the internet. The controller 404 may request, via the internet, one or more authorisation codes and associated IDs based on the information retrieved using the scanner 402. In response to the request, the database may send the configuring device 201, via the internet, the one or more of the requested authorisation codes and associated ID and is received via the network interface 403.
  • The controller 404 can control the transceiver 401, scanner 402 and network interface 403 to carry out the verification procedure described above. The controller 404 can be configured to cause the configuring device 201 to carry out the verification and messaging procedures described above. The controller 404 may be configured to carry out the processing described above such as calculating the confirmation values and encryption keys, generating random numbers, comparing the values, etc.
  • The new device 202 may be used with appliances such as light switches, lights, sensors, lire alarms, sensors, thermostats, etc. The new device 202 may comprise a transceiver configured to operate according to a wireless communication protocol such as Bluetooth low energy. The new device 202 may also comprise a memory configured to store data such as the authentication code and device ID, network key, allocated ID, etc. The new device 202 may also comprise a controller that is configured to cause the new device 202 to carry out the verification and messaging procedures described above. The controller and/or transceiver can be configured to cause the new device 202 to not send the authorisation code via transceiver, unless it is encrypted.
  • Devices 201 and 202 may be wireless communication devices that operate according to the same wireless communication protocol. The wireless communication protocol could be a relatively short-range protocol. For example the effective range of each device could be less than 25 m. That characteristic can permit the devices to use less power for transmitting and/or receiving than would be expected in a longer range protocol. In one example, the devices could operate according to the Bluetooth protocol, specifically the Bluetooth Low Energy (BLE) protocol. The devices could use other protocols, for instance IEEE 802.11.
  • The devices described above could form a mesh network with other wireless communication devices. The devices could be configured to forward some or all messages they receive. The messages could be sent and received via a broadcast packet type defined in the wireless communication protocol. All the devices in the network could be peers in that they have identical roles at a network level.
  • Devices 201 and 202 could operate according to two different wireless communications protocols, e.g. BLE and IEEE 802.11. Devices 201 and 202 may be connected via an IEEE 802.11 network, which can allow secure communication between the two devices. New device 202 may then wish to join a mesh network (that comprises device 201) that is operating according to the BLE protocol. Device 202 may securely transmit a message comprising its authentication code and ID via IEEE 802.11 to device 201. Device 201 can trust this message as it is sent over a secure IEEE 802.11 channel and can use the authentication code received via IEEE 802.11 (instead of via the QR-Code, for example) in the authentication procedure described above for adding the new device 202 to the BLE mesh network.
  • The devices configured in accordance with the examples described herein could be embodied in hardware, software or any suitable combination of hardware and software. The receiving device of the examples described herein could comprise, for example, software for execution at one or more processors (such as at a CPU and/or GPU), and/or one or more dedicated processors (such as ASICs), and/or one or more programmable processors (such as FPGAs) suitably programmed so as to provide functionalities of the data processing system, and/or heterogeneous processors comprising one or more dedicated, programmable and general purpose processing functionalities. In the examples described herein, the devices comprise one or more processors and one or more memories having program code stored thereon, the data processors and the memories being such as to, in combination, provide the claimed data processing systems and/or perform the claimed methods.
  • Data processing units described herein (e.g. controller 404) need not be provided as discrete units and represent functionalities that could (a) be combined in any manner, and (b) themselves comprise one or more data processing entities. Data processing units could be provided by any suitable hardware or software functionalities, or combinations of hardware and software functionalities.
  • Any one of more of the methods described herein could be performed by one or more physical processing units executing program code that causes the unit(s) to perform the data processing methods. Each physical processing unit could be any suitable processor, such as a CPU or GPU (or a core thereof), or fixed function or programmable hardware. The program code could be stored in non-transitory form at a machine readable medium such as an integrated circuit memory, or optical or magnetic storage. A machine readable medium might comprise several memories, such as on-chip memories, computer working memories, and non-volatile storage devices.
  • The applicant hereby discloses in isolation each individual feature described herein and any combination of two or more such features, to the extent that such features or combinations are capable of being carried out based on the present specification as a whole in the light of the common general knowledge of a person skilled in the art, irrespective of whether such features or combinations of features solve any problems disclosed herein, and without limitation to the scope of the claims. The applicant indicates that aspects of the present invention may consist of any such individual feature or combination of features. In view of the foregoing description it will be evident to a person skilled in the art that various modifications may be made within the scope of the invention.

Claims (20)

1. A method for authenticating a first device capable of operating according to a wireless communications protocol, the method comprising:
at a second device, receiving a database identifier and sending a request message comprising the database identifier to a computer, the database identifier not being received from the first device in accordance with the wireless communications protocol;
at the second device, receiving a response message from the computer comprising an identifier for the first device and an authorisation code associated with the first device;
at the second device, receiving a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; and
authenticating the first device if the authorisation code received via the response message relates, according to a predetermined algorithm, to the received value.
2. A method as claimed in claim 1, further comprising: at the second device and in response to authenticating the first device, sending an association message to the first device, the association message comprising an encrypted network key by means of which the first device can access a network comprising the second device.
3. A method as claimed in claim 2, further comprising, at the second device:
receiving a public key from the first device; and
calculating an encryption key in dependence the received public key and a private key stored at the second device, the network key being encrypted using the encryption key.
4. A method as claimed in claim 3, said calculation being in accordance with a Diffie-Hellman-Merkle key exchange.
5. A method as claimed in claim 1, the database identifier being received via an analysis of an image.
6. A method as claimed in claim 5, the image being a QR-Code, barcode or text representing the database identifier.
7. A method as claimed in claim 5 further comprising, at the second device:
scanning the image, the image representing the database identifier,
sending the request message, via the internet; and
in response to the request, receiving the response message, via the internet.
8. A method as claimed in claim 7, the response message comprising one or more further identifiers and identification codes associated with respective one or more further devices.
9. A method as claimed in claim 1, the value being dependent on an authorisation code stored at the first device.
10. A method as claimed in claim 1, the value being different to the authorisation code.
11. A method as claimed in claim 1, the value being calculated using the predetermined algorithm having as inputs: the authorisation code stored at the first device, a public key of the first device and a random number generated by the first device.
12. A method as claimed in claim 11, said authenticating step comprising:
receiving the random number from the first device;
from the value, authorisation code and the public key, calculating a number according to the predetermined algorithm; and
comparing said calculated number with the received random number and, if said numbers match, authenticating the first device.
13. A method as claimed in claim 1, further comprising: at the first device, broadcasting the identifier for the first device in accordance with the communications protocol.
14. A method as claimed in claim 1, the second message being received via a third device capable of operating according to the communications protocol.
15. A method as claimed in claim 1, the second device being capable of communicating in a mesh network.
16. A method as claimed in claim 1, wherein the wireless communications protocol is Bluetooth Low Energy protocol.
17. A method as claimed in claim 1, the wireless communications protocol defining a broadcast packet type, said second message being received via a packet of the broadcast packet type.
18. A wireless communications device capable of operating according to a wireless communications protocol, the wireless communications device comprising:
an input configured to receive a database identifier, the database identifier not being received from the first device in accordance with the wireless communications protocol;
an interface configured to send a request message comprising the database identifier to a computer and to receive a response message from the computer comprising an identifier for a first device and an authorisation code associated with the first device;
a transceiver capable of operating according to the wireless communications protocol and configured to receive a second message comprising a value, the second message being sent from the first device in accordance with the wireless communications protocol; and
a controller configured to authenticate the first device if the authorisation code received via the response message relates, according to a predetermined algorithm, to the received value.
19. A wireless communications device as claimed in claim 18, the input being a camera or barcode reader configured to analyse an image.
20. A wireless communications device capable of operating according to a wireless communications protocol, the wireless communications device comprising:
a transceiver configured to broadcast an identifier for the device in accordance with the communications protocol, wherein the identifier is associated with a database identifier;
a memory configured to store an authorisation code,
the transceiver being further configured to:
send a first message comprising a value, the value being related, according to a predetermined algorithm, to the authorisation code; and
in response to sending the first message, receive a second message comprising an encrypted network key; and
a controller configured to decrypt the encrypted network key by means of which the device can access a network, wherein the device is configured to not send and not display the authorisation code unencrypted.
US14/316,404 2014-02-25 2014-06-26 Device authentication Abandoned US20150245204A1 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
GB1403312.0A GB2515853B (en) 2014-02-25 2014-02-25 Latency mitigation
GB1403314.6A GB2512733B (en) 2014-02-25 2014-02-25 Broadcast retransmission
GB1403312.0 2014-02-25
GB1403314.6 2014-02-25
GB1405789.7A GB2512502B (en) 2014-02-25 2014-03-31 Device authentication
GB1405789.7 2014-03-31

Publications (1)

Publication Number Publication Date
US20150245204A1 true US20150245204A1 (en) 2015-08-27

Family

ID=50737759

Family Applications (14)

Application Number Title Priority Date Filing Date
US14/270,961 Active 2035-05-12 US10055570B2 (en) 2014-02-25 2014-05-06 Mesh relay
US14/270,884 Abandoned US20150244648A1 (en) 2014-02-25 2014-05-06 Auto-configuration of a mesh relay's tx/rx schedule
US14/297,324 Active 2034-12-08 US9489506B2 (en) 2014-02-25 2014-06-05 Linking ad hoc networks
US14/298,177 Abandoned US20150245203A1 (en) 2014-02-25 2014-06-06 Packet identification
US14/316,404 Abandoned US20150245204A1 (en) 2014-02-25 2014-06-26 Device authentication
US14/316,529 Abandoned US20150244828A1 (en) 2014-02-25 2014-06-26 Thwarting traffic analysis
US14/505,443 Active 2035-06-01 US9754096B2 (en) 2014-02-25 2014-10-02 Update management
US14/505,458 Active US9672346B2 (en) 2014-02-25 2014-10-02 Object tracking by establishing a mesh network and transmitting packets
US14/505,399 Active 2035-04-03 US9910976B2 (en) 2014-02-25 2014-10-02 Processing mesh communications
US14/505,437 Abandoned US20150245369A1 (en) 2014-02-25 2014-10-02 Communicating data over a mesh network
US14/505,465 Abandoned US20150244565A1 (en) 2014-02-25 2014-10-02 Network configuration
US14/505,418 Abandoned US20150242614A1 (en) 2014-02-25 2014-10-02 Provisioning of security credentials
US14/505,466 Abandoned US20150244623A1 (en) 2014-02-25 2014-10-02 Mesh profiling
US14/505,454 Expired - Fee Related US9842202B2 (en) 2014-02-25 2014-10-02 Device proximity

Family Applications Before (4)

Application Number Title Priority Date Filing Date
US14/270,961 Active 2035-05-12 US10055570B2 (en) 2014-02-25 2014-05-06 Mesh relay
US14/270,884 Abandoned US20150244648A1 (en) 2014-02-25 2014-05-06 Auto-configuration of a mesh relay's tx/rx schedule
US14/297,324 Active 2034-12-08 US9489506B2 (en) 2014-02-25 2014-06-05 Linking ad hoc networks
US14/298,177 Abandoned US20150245203A1 (en) 2014-02-25 2014-06-06 Packet identification

Family Applications After (9)

Application Number Title Priority Date Filing Date
US14/316,529 Abandoned US20150244828A1 (en) 2014-02-25 2014-06-26 Thwarting traffic analysis
US14/505,443 Active 2035-06-01 US9754096B2 (en) 2014-02-25 2014-10-02 Update management
US14/505,458 Active US9672346B2 (en) 2014-02-25 2014-10-02 Object tracking by establishing a mesh network and transmitting packets
US14/505,399 Active 2035-04-03 US9910976B2 (en) 2014-02-25 2014-10-02 Processing mesh communications
US14/505,437 Abandoned US20150245369A1 (en) 2014-02-25 2014-10-02 Communicating data over a mesh network
US14/505,465 Abandoned US20150244565A1 (en) 2014-02-25 2014-10-02 Network configuration
US14/505,418 Abandoned US20150242614A1 (en) 2014-02-25 2014-10-02 Provisioning of security credentials
US14/505,466 Abandoned US20150244623A1 (en) 2014-02-25 2014-10-02 Mesh profiling
US14/505,454 Expired - Fee Related US9842202B2 (en) 2014-02-25 2014-10-02 Device proximity

Country Status (3)

Country Link
US (14) US10055570B2 (en)
DE (13) DE102014019749B3 (en)
GB (18) GB2512749B (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160044032A1 (en) * 2014-08-10 2016-02-11 Belkin International, Inc. Setup of multiple iot network devices
US20160302056A1 (en) * 2015-04-13 2016-10-13 Gunitech Corp. Connection Information Sharing System, Computer Program, and Connection Information Sharing Method Thereof
US9489506B2 (en) 2014-02-25 2016-11-08 Qualcomm Technologies International, Ltd. Linking ad hoc networks
US20170094706A1 (en) * 2014-04-01 2017-03-30 Belkin International, Inc. Setup of multiple iot network devices
US9692538B2 (en) 2014-02-25 2017-06-27 Qualcomm Technologies International, Ltd. Latency mitigation
US9872240B2 (en) 2014-08-19 2018-01-16 Belkin International Inc. Network device source entity triggered device configuration setup
US20180255045A1 (en) * 2015-02-24 2018-09-06 Nelson A. Cicchitto Mobile device enabled desktop tethered and tetherless authentication
US20190159031A1 (en) * 2016-04-26 2019-05-23 Checkit Limited Network Access Control
WO2019222412A1 (en) * 2018-05-18 2019-11-21 Alibaba Group Holding Limited Bluetooth mesh network provisioning authentication
US10574475B2 (en) * 2018-05-24 2020-02-25 Haier Us Appliance Solutions, Inc. Household appliance with bluetooth connection and authentication
US20200127896A1 (en) * 2017-04-10 2020-04-23 Itron Networked Solutions, Inc. Efficient internet-of-things device configuration via quick response codes
US10659442B1 (en) * 2015-12-21 2020-05-19 Marvell International Ltd. Security in smart configuration for WLAN based IOT device
US10848485B2 (en) 2015-02-24 2020-11-24 Nelson Cicchitto Method and apparatus for a social network score system communicably connected to an ID-less and password-less authentication system
US10951470B2 (en) 2018-05-14 2021-03-16 Alibaba Group Holding Limited Bluetooth mesh network provisioning
US10986573B2 (en) 2018-06-22 2021-04-20 Alibaba Group Holding Limited Bluetooth mesh network gateway and device data communication
US11122034B2 (en) 2015-02-24 2021-09-14 Nelson A. Cicchitto Method and apparatus for an identity assurance score with ties to an ID-less and password-less authentication system
US11146540B2 (en) * 2018-05-09 2021-10-12 Datalogic Ip Tech S.R.L. Systems and methods for public key exchange employing a peer-to-peer protocol

Families Citing this family (112)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103974225B (en) * 2013-02-01 2018-03-13 财团法人工业技术研究院 Communication device, device-to-device communication system and wireless communication method thereof
US10078811B2 (en) 2013-11-29 2018-09-18 Fedex Corporate Services, Inc. Determining node location based on context data in a wireless node network
US10453023B2 (en) 2014-05-28 2019-10-22 Fedex Corporate Services, Inc. Methods and node apparatus for adaptive node communication within a wireless node network
US9386605B2 (en) * 2014-07-11 2016-07-05 Motorola Solutions, Inc. Mobile dynamic mesh cluster bridging method and apparatus at incident scenes
FR3026587A1 (en) * 2014-09-30 2016-04-01 Orange METHOD OF ACCESS BY A MASTER DEVICE TO A VALUE TAKEN BY A CHARACTERISTIC MANAGED BY A PERIPHERAL DEVICE
FR3031822B1 (en) * 2015-01-16 2018-04-13 Airbus Operations DOWNLOADING DATA ON REMOTE EQUIPMENT
US10681479B2 (en) 2015-01-30 2020-06-09 Cassia Networks Inc. Methods, devices and systems for bluetooth audio transmission
US9769594B2 (en) * 2015-01-30 2017-09-19 Cassia Networks Inc. Methods, devices and systems for increasing wireless communication range
US11238397B2 (en) 2015-02-09 2022-02-01 Fedex Corporate Services, Inc. Methods, apparatus, and systems for generating a corrective pickup notification for a shipped item using a mobile master node
US9426616B1 (en) * 2015-02-10 2016-08-23 Tyco Fire & Security Gmbh Wireless sensor network controlled low energy link
FR3033118B1 (en) * 2015-02-19 2017-02-17 Sigfox METHOD AND SYSTEM FOR WIRELESS COMMUNICATION BETWEEN TERMINALS AND SEMI-DUPLEX BASE STATIONS
EP3262893B1 (en) 2015-02-26 2019-07-03 Telefonaktiebolaget LM Ericsson (publ) Energy efficient ble mesh initialisation and operation
JP6566669B2 (en) * 2015-03-12 2019-08-28 キヤノン株式会社 Information processing apparatus, control method thereof, communication method, and program
CN106304303B (en) * 2015-06-09 2019-11-12 沈阳中科奥维科技股份有限公司 A kind of power regulating method suitable for WIA-PA wireless network
US10375492B2 (en) 2015-06-30 2019-08-06 Sonova, AG Method of fitting a hearing assistance device
WO2017007409A1 (en) * 2015-07-06 2017-01-12 Telefonaktiebolaget Lm Ericsson (Publ) Apparatus and method for forwarding messages
US9985839B2 (en) 2015-07-08 2018-05-29 Fedex Corporate Services, Inc. Systems, apparatus, and methods of event monitoring for an event candidate within a wireless node network based upon sighting events, sporadic events, and benchmark checkpoint events
US9843929B2 (en) 2015-08-21 2017-12-12 Afero, Inc. Apparatus and method for sharing WiFi security data in an internet of things (IoT) system
US9503969B1 (en) 2015-08-25 2016-11-22 Afero, Inc. Apparatus and method for a dynamic scan interval for a wireless device
CN108353277B (en) * 2015-09-30 2021-09-28 谷歌有限责任公司 Low energy radio and system including low energy radio
US10990616B2 (en) * 2015-11-17 2021-04-27 Nec Corporation Fast pattern discovery for log analytics
US10673646B1 (en) * 2018-12-09 2020-06-02 Olibra Llc System, device, and method of multi-path wireless communication
US10432461B2 (en) * 2015-12-04 2019-10-01 T-Mobile Usa, Inc. Peer-to-peer distribution of radio protocol data for software defined radio (SDR) updates
KR102381371B1 (en) 2015-12-10 2022-03-31 삼성전자주식회사 System and method for providing information by using near field communication
US10805344B2 (en) * 2015-12-14 2020-10-13 Afero, Inc. Apparatus and method for obscuring wireless communication patterns
US10447784B2 (en) 2015-12-14 2019-10-15 Afero, Inc. Apparatus and method for modifying packet interval timing to identify a data transfer condition
US10091242B2 (en) 2015-12-14 2018-10-02 Afero, Inc. System and method for establishing a secondary communication channel to control an internet of things (IOT) device
US9992065B2 (en) * 2015-12-15 2018-06-05 T-Mobile Usa, Inc. Selective wi-fi calling router updates
US20170187602A1 (en) * 2015-12-29 2017-06-29 Vivek Pathela System and method of troubleshooting network source inefficiency
US10708842B2 (en) * 2016-01-13 2020-07-07 Locus Control LLC Low power communications system
US10148453B2 (en) * 2016-02-24 2018-12-04 Qualcomm Incorporated Using update slot to synchronize to Bluetooth LE isochronous channel and communicate state changes
CN108780538A (en) 2016-03-23 2018-11-09 联邦快递服务公司 The system, apparatus and method of broadcast setting for the node in self-adjusting wireless node network
US10951261B2 (en) 2016-04-29 2021-03-16 Texas Instruments Incorporated Pseudo channel hopping in mesh networks without time synchronization
US10205606B2 (en) 2016-06-15 2019-02-12 Abl Ip Holding Llc Mesh over-the-air (OTA) luminaire firmware update
US10873854B2 (en) * 2016-07-28 2020-12-22 Lg Electronics Inc. Method and apparatus for establishing connection of devices
US10798548B2 (en) * 2016-08-22 2020-10-06 Lg Electronics Inc. Method for controlling device by using Bluetooth technology, and apparatus
EP3312762B1 (en) * 2016-10-18 2023-03-01 Axis AB Method and system for tracking an object in a defined area
US9781603B1 (en) * 2016-10-20 2017-10-03 Fortress Cyber Security, LLC Combined network and physical security appliance
US10348514B2 (en) * 2016-10-26 2019-07-09 Abl Ip Holding Llc Mesh over-the-air (OTA) driver update using site profile based multiple platform image
US11210678B2 (en) 2016-11-18 2021-12-28 Samsung Electronics Co., Ltd. Component for provisioning security data and product including the same
US10728026B2 (en) * 2016-11-24 2020-07-28 Samsung Electronics Co., Ltd. Data management method
DE102016124168A1 (en) * 2016-12-13 2018-06-14 Endress+Hauser Conducta Gmbh+Co. Kg Method for operating a specific field device via a mobile operating device
WO2018118822A1 (en) * 2016-12-20 2018-06-28 Abbott Diabetes Care Inc. Systems, devices and methods for wireless communications in analyte monitoring devices
CN106792853B (en) * 2016-12-22 2020-05-12 青岛亿联客信息技术有限公司 New equipment adding method for Bluetooth mesh network
CN106713047A (en) * 2017-01-12 2017-05-24 泰凌微电子(上海)有限公司 Node upgrading method and system in mesh network
US10433134B2 (en) 2017-01-24 2019-10-01 Arris Enterprises Llc Video gateway as an internet of things mesh enhancer apparatus and method
CN110168454B (en) * 2017-02-21 2022-05-06 欧姆龙株式会社 Method for controlling a field device, control device, technical system and storage medium
US10362612B2 (en) 2017-03-06 2019-07-23 Citrix Systems, Inc. Virtual private networking based on peer-to-peer communication
CN110352586B (en) * 2017-03-08 2021-12-07 日立能源瑞士股份公司 Method and apparatus for preserving relative timing and ordering of data packets in a network
DE102017106381A1 (en) 2017-03-24 2018-09-27 Newtec Gmbh Method and apparatus for wirelessly transmitting a data signal
US10116523B1 (en) * 2017-04-12 2018-10-30 Fisher-Rosemount Systems, Inc. Predictive connectivity diagnostics for a wireless mesh network in a process control system
US11229023B2 (en) * 2017-04-21 2022-01-18 Netgear, Inc. Secure communication in network access points
US10605609B2 (en) * 2017-05-03 2020-03-31 Microsoft Technology Licensing, Llc Coupled interactive devices
DE102017207871A1 (en) * 2017-05-10 2018-11-15 Tridonic Gmbh & Co Kg Firmware Update-Over-The Air (FOTA) in building technology
CA3063105A1 (en) 2017-05-23 2018-11-29 Walmart Apollo, Llc Automated inspection system
US10389854B2 (en) * 2017-06-15 2019-08-20 Infinet, LLC Method and system for forming an ad-hoc network over heterogeneous protocols
US9955307B1 (en) * 2017-08-03 2018-04-24 Here Global B.V. Distributed relative positioning
US20210132932A1 (en) * 2017-08-15 2021-05-06 General Electric Company Smart equipment, method used by smart equipment, and smart lamp
US10666624B2 (en) * 2017-08-23 2020-05-26 Qualcomm Incorporated Systems and methods for optimized network layer message processing
CN107635215A (en) * 2017-08-25 2018-01-26 西安电子科技大学 Mesh network-building methods based on low-power consumption bluetooth
US10951653B2 (en) 2017-09-22 2021-03-16 Samsung Electronics Co., Ltd. Apparatus including secure component and method of provisioning security information into the apparatus
CN107508714B (en) * 2017-09-26 2020-09-15 深圳市微智电子有限公司 Method and device for carrying out network configuration on Bluetooth equipment based on Bluetooth mesh
US11057204B2 (en) * 2017-10-04 2021-07-06 Amir Keyvan Khandani Methods for encrypted data communications
CN109756324A (en) * 2017-11-02 2019-05-14 大唐移动通信设备有限公司 Cryptographic key negotiation method, terminal and gateway in a kind of Mesh network
US11490400B2 (en) * 2017-11-15 2022-11-01 Telefonaktiebolaget Lm Ericsson (Publ) End node, relay node, and methods performed therein for handling transmission of information
CN108064034A (en) * 2017-11-17 2018-05-22 芯海科技(深圳)股份有限公司 A kind of data collection network method of mesh networkings
EP3489922B1 (en) 2017-11-24 2022-01-05 Andreas Stihl AG & Co. KG Method of operating a wireless transmitter and a wireless receiver and system
EP3718352B1 (en) * 2017-11-28 2021-07-07 Telefonaktiebolaget LM Ericsson (publ) Message transmission with reduced interference
WO2019117763A1 (en) * 2017-12-11 2019-06-20 Telefonaktiebolaget Lm Ericsson (Publ) Channel scanning in a mesh network
US10554562B2 (en) * 2017-12-22 2020-02-04 International Business Machines Corporation Streaming network
RU2666306C1 (en) * 2017-12-27 2018-09-06 федеральное государственное автономное образовательное учреждение высшего образования "Санкт-Петербургский политехнический университет Петра Великого" (ФГАОУ ВО "СПбПУ") Method of controlling communication of single-range intercomputer data network
US10607012B2 (en) 2017-12-29 2020-03-31 Delphian Systems, LLC Bridge computing device control in local networks of interconnected devices
US10706179B2 (en) * 2018-01-10 2020-07-07 General Electric Company Secure provisioning of secrets into MPSoC devices using untrusted third-party systems
KR102530441B1 (en) 2018-01-29 2023-05-09 삼성전자주식회사 Electronic device, external electronic device, system comprising the same and control method thereof
US10944669B1 (en) 2018-02-09 2021-03-09 GoTenna, Inc. System and method for efficient network-wide broadcast in a multi-hop wireless network using packet echos
US11516682B2 (en) * 2018-03-16 2022-11-29 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for obtaining information regarding a bluetooth mesh network
US11448632B2 (en) 2018-03-19 2022-09-20 Walmart Apollo, Llc System and method for the determination of produce shelf life
US11658865B2 (en) * 2018-03-20 2023-05-23 Delphian Systems, LLC Updating devices in a local network of interconnected devices
US10869227B2 (en) * 2018-03-23 2020-12-15 Telefonaktiebolaget Lm Ericsson (Publ) Message cache management in a mesh network
US10613505B2 (en) 2018-03-29 2020-04-07 Saudi Arabian Oil Company Intelligent distributed industrial facility safety system
US10303147B1 (en) 2018-03-29 2019-05-28 Saudi Arabian Oil Company Distributed industrial facility safety system modular remote sensing devices
US10311705B1 (en) * 2018-03-29 2019-06-04 Saudi Arabian Oil Company Distributed industrial facility safety system
US11018871B2 (en) * 2018-03-30 2021-05-25 Intel Corporation Key protection for computing platform
KR102114992B1 (en) * 2018-04-25 2020-05-25 (주)휴맥스 Wireless communication equipment and method for configuring mesh network thereof
US11308950B2 (en) 2018-05-09 2022-04-19 4PLAN Corporation Personal location system for virtual assistant
WO2019237263A1 (en) * 2018-06-13 2019-12-19 卧槽科技(深圳)有限公司 Low-energy bluetooth network maintenance method, electronic device, bluetooth network, and medium
US10650023B2 (en) * 2018-07-24 2020-05-12 Booz Allen Hamilton, Inc. Process for establishing trust between multiple autonomous systems for the purposes of command and control
WO2020023762A1 (en) 2018-07-26 2020-01-30 Walmart Apollo, Llc System and method for produce detection and classification
WO2020023909A1 (en) 2018-07-27 2020-01-30 GoTenna, Inc. Vine™: zero-control routing using data packet inspection for wireless mesh networks
US11140659B2 (en) * 2018-08-21 2021-10-05 Signify Holding B.V. Wireless organization of electrical devices by sensor manipulation
US11368436B2 (en) * 2018-08-28 2022-06-21 Bae Systems Information And Electronic Systems Integration Inc. Communication protocol
US11715059B2 (en) * 2018-10-12 2023-08-01 Walmart Apollo, Llc Systems and methods for condition compliance
FI128520B (en) * 2018-11-14 2020-07-15 Xiphera Oy Method for providing a secret unique key for a volatile FPGA
WO2020106332A1 (en) 2018-11-20 2020-05-28 Walmart Apollo, Llc Systems and methods for assessing products
WO2020123958A1 (en) * 2018-12-14 2020-06-18 Denso International America, Inc. System and method of determining real-time location
CN109673014B (en) * 2019-01-25 2022-07-15 欧普照明股份有限公司 Network combination method
CN111669732B (en) * 2019-03-06 2021-09-07 乐鑫信息科技(上海)股份有限公司 Method for filtering redundant data packets at nodes in bluetooth Mesh network
CN109862548B (en) 2019-03-06 2021-01-26 乐鑫信息科技(上海)股份有限公司 Method for processing data packets at a node in a bluetooth Mesh network
US11777715B2 (en) 2019-05-15 2023-10-03 Amir Keyvan Khandani Method and apparatus for generating shared secrets
CN111988268A (en) * 2019-05-24 2020-11-24 魏文科 Method for establishing and verifying input value by using asymmetric encryption algorithm and application thereof
US11265410B2 (en) * 2020-01-06 2022-03-01 Vorbeck Materials Corp. Self-organizing communications network nodes and systems
US11166339B2 (en) * 2019-07-05 2021-11-02 Samsung Electronics Co., Ltd. System and method for dynamic group data protection
CN110779500B (en) * 2019-11-14 2021-11-30 中国人民解放军国防科技大学 Mesoscale vortex detection method for incremental deployment sensor
KR102324374B1 (en) 2019-11-18 2021-11-11 한국전자통신연구원 Method and apparatus for configuring cluster in wireless communication system
US11432167B2 (en) 2020-01-22 2022-08-30 Abl Ip Holding Llc Selective updating of nodes of a nodal wireless network
US20210273920A1 (en) * 2020-02-28 2021-09-02 Vmware, Inc. Secure certificate or key distribution for synchronous mobile device management (mdm) clients
US11166253B2 (en) * 2020-03-27 2021-11-02 Dell Products L.P. Data center automatic inventory and location data population and recovery using mesh network
EP3968600A1 (en) * 2020-09-11 2022-03-16 Volkswagen Ag Controlling a communication between a vehicle and a backend device
WO2022148695A1 (en) * 2021-01-06 2022-07-14 Signify Holding B.V. A method of, a node device and a system for relaying a message in a network comprising at least two mesh networks
US20230266960A1 (en) * 2022-02-24 2023-08-24 Whirlpool Corporation Systems and methods of offline over the air (ota) programming of appliances
CN115051921B (en) * 2022-05-27 2023-11-07 北京交通大学 Self-adaptive heterogeneous network attribute information collection method
US11870879B1 (en) * 2023-01-04 2024-01-09 Getac Technology Corporation Device communication during emergent conditions

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030181203A1 (en) * 2002-03-19 2003-09-25 Cheshire Stuart D. Method and apparatus for configuring a wireless device through reverse advertising
US20100241857A1 (en) * 2007-11-16 2010-09-23 Okude Kazuhiro Authentication method, authentication system, in-vehicle device, and authentication apparatus
US20100262828A1 (en) * 2009-04-08 2010-10-14 Research In Motion Limited Systems, devices, and methods for securely transmitting a security parameter to a computing device
US20110081860A1 (en) * 2009-10-02 2011-04-07 Research In Motion Limited Methods and devices for facilitating bluetooth pairing using a camera as a barcode scanner

Family Cites Families (184)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6079034A (en) * 1997-12-05 2000-06-20 Hewlett-Packard Company Hub-embedded system for automated network fault detection and isolation
US7010604B1 (en) * 1998-10-30 2006-03-07 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US6986046B1 (en) 2000-05-12 2006-01-10 Groove Networks, Incorporated Method and apparatus for managing secure collaborative transactions
US6836466B1 (en) * 2000-05-26 2004-12-28 Telcordia Technologies, Inc. Method and system for measuring IP performance metrics
US6745027B2 (en) 2000-12-22 2004-06-01 Seekernet Incorporated Class switched networks for tracking articles
US20030014507A1 (en) 2001-03-13 2003-01-16 International Business Machines Corporation Method and system for providing performance analysis for clusters
WO2002078272A1 (en) * 2001-03-23 2002-10-03 Kent Ridge Digital Labs A method and system for providing bridged mobile ad-hoc networks
US20030037237A1 (en) 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
DE10145596A1 (en) * 2001-09-15 2003-04-03 Philips Corp Intellectual Pty Network with several sub-networks
WO2003034669A1 (en) 2001-10-17 2003-04-24 British Telecommunications Public Limited Company Network location management system
KR100408525B1 (en) * 2001-10-31 2003-12-06 삼성전자주식회사 System and method of network adaptive real- time multimedia streaming
US7391731B1 (en) 2002-03-07 2008-06-24 Ibasis, Inc. Method for determining best path
US6917974B1 (en) * 2002-01-03 2005-07-12 The United States Of America As Represented By The Secretary Of The Air Force Method and apparatus for preventing network traffic analysis
US7760645B2 (en) 2002-02-25 2010-07-20 Olsonet Communications Method for routing ad-hoc signals
US20030212821A1 (en) 2002-05-13 2003-11-13 Kiyon, Inc. System and method for routing packets in a wired or wireless network
US7251235B2 (en) 2002-06-12 2007-07-31 Conexant, Inc. Event-based multichannel direct link
US20040001483A1 (en) 2002-06-27 2004-01-01 Schmidt Kurt E. Distribution and reconstruction of AD-HOC timing signals
US7474874B2 (en) 2002-06-28 2009-01-06 Nokia Corporation Local browsing
US6898751B2 (en) * 2002-07-31 2005-05-24 Transdimension, Inc. Method and system for optimizing polling in systems using negative acknowledgement protocols
AU2003262908A1 (en) 2002-08-28 2004-03-19 Docomo Communications Laboratories Usa, Inc. Certificate-based encryption and public key infrastructure
GB0313473D0 (en) 2003-06-11 2003-07-16 Koninkl Philips Electronics Nv Configuring a radio network for selective broadcast
KR100547133B1 (en) 2003-07-11 2006-01-26 삼성전자주식회사 Apparatus and method for constructing ad-hoc network of heterogeneous terminals
KR100640327B1 (en) * 2003-11-24 2006-10-30 삼성전자주식회사 The Frame Structure and Data Transmission Method for Bridge Operation of WPAN
US20050175184A1 (en) * 2004-02-11 2005-08-11 Phonex Broadband Corporation Method and apparatus for a per-packet encryption system
US7436790B2 (en) 2004-03-25 2008-10-14 Research In Motion Limited Wireless access point methods and apparatus for reduced power consumption and cost
US20080069030A1 (en) 2004-05-31 2008-03-20 Matsushita Electric Industrial Co., Ltd. Mobile Terminal Managing Device, Mobile Terminal, and Communication System
US20060025180A1 (en) 2004-07-30 2006-02-02 Qualcomm Incorporated Method for waking a wireless device
KR20090016007A (en) 2004-08-10 2009-02-12 메시네트웍스, 인코포레이티드 Software architecture and hardware abstraction layer for multi-radio routing and method for providing the same
DE102004040069B3 (en) 2004-08-18 2006-03-23 Siemens Ag Establishment of a wireless communication network with determination of local topology information from the identifiers of the communication devices
US7747774B2 (en) * 2004-08-23 2010-06-29 At&T Intellectual Property I, L.P. Methods, systems and computer program products for obscuring traffic in a distributed system
US7702927B2 (en) 2004-11-12 2010-04-20 Verayo, Inc. Securely field configurable device
KR100594127B1 (en) * 2004-11-16 2006-06-28 삼성전자주식회사 Bonding process method and device in a Bluetooth device
US7496059B2 (en) * 2004-12-09 2009-02-24 Itt Manufacturing Enterprises, Inc. Energy-efficient medium access control protocol and system for sensor networks
US7533258B2 (en) 2005-01-07 2009-05-12 Cisco Technology, Inc. Using a network-service credential for access control
JP4550636B2 (en) * 2005-03-18 2010-09-22 富士通株式会社 Electronic device, its registration method and registration program
US7522540B1 (en) 2005-04-15 2009-04-21 Nvidia Corporation Extended service set mesh topology discovery
US8027289B2 (en) * 2005-04-27 2011-09-27 Raytheon Bbn Technologies Corp. Ultra-low latency packet transport in ad hoc networks
US7894372B2 (en) 2005-05-31 2011-02-22 Iac Search & Media, Inc. Topology-centric resource management for large scale service clusters
US7606178B2 (en) 2005-05-31 2009-10-20 Cisco Technology, Inc. Multiple wireless spanning tree protocol for use in a wireless mesh network
US7653011B2 (en) 2005-05-31 2010-01-26 Cisco Technology, Inc. Spanning tree protocol for wireless networks
KR20080025095A (en) 2005-06-01 2008-03-19 밀레니얼 넷, 인크. Communicating over a wireless network
US9654200B2 (en) 2005-07-18 2017-05-16 Mutualink, Inc. System and method for dynamic wireless aerial mesh network
GB2467656B (en) * 2005-07-21 2010-09-15 Firetide Inc Method for enabling the efficient operation of arbitrarily in erconnected mesh networks
US7787361B2 (en) 2005-07-29 2010-08-31 Cisco Technology, Inc. Hybrid distance vector protocol for wireless mesh networks
US8948805B2 (en) * 2005-08-26 2015-02-03 Qualcomm Incorporated Method and apparatus for reliable transmit power and timing control in wireless communication
US7778270B1 (en) 2005-08-31 2010-08-17 Hrl Laboratories, Llc Code-switching in wireless multi-hop networks
US7546139B2 (en) 2005-12-27 2009-06-09 F4W, Inc. System and method for establishing and maintaining communications across disparate networks
US20100005294A1 (en) * 2005-10-18 2010-01-07 Kari Kostiainen Security in Wireless Environments Using Out-Of-Band Channel Communication
JP4641245B2 (en) 2005-10-26 2011-03-02 三菱電機株式会社 Ad hoc network system, wireless ad hoc terminal and failure detection method thereof
US7978666B2 (en) 2005-10-31 2011-07-12 Robert Bosch Gmbh Node control in wireless sensor networks
US7539488B2 (en) 2005-11-09 2009-05-26 Texas Instruments Norway As Over-the-air download (OAD) methods and apparatus for use in facilitating application programming in wireless network devices of ad hoc wireless communication networks
US20070110024A1 (en) 2005-11-14 2007-05-17 Cisco Technology, Inc. System and method for spanning tree cross routes
US7593376B2 (en) 2005-12-07 2009-09-22 Motorola, Inc. Method and apparatus for broadcast in an ad hoc network using elected broadcast relay nodes
US20130219482A1 (en) 2006-01-31 2013-08-22 Sigma Designs, Inc. Method for uniquely addressing a group of network units in a sub-network
US7848261B2 (en) * 2006-02-17 2010-12-07 Isilon Systems, Inc. Systems and methods for providing a quiescing protocol
US8023478B2 (en) 2006-03-06 2011-09-20 Cisco Technology, Inc. System and method for securing mesh access points in a wireless mesh network, including rapid roaming
US7647078B2 (en) * 2006-03-07 2010-01-12 Samsung Electronics Co., Ltd. Power-saving method for wireless sensor network
US8340106B2 (en) * 2006-03-13 2012-12-25 Microsoft Corporation Connecting multi-hop mesh networks using MAC bridge
US8519566B2 (en) 2006-03-28 2013-08-27 Wireless Environment, Llc Remote switch sensing in lighting devices
US7786885B2 (en) 2006-04-25 2010-08-31 Hrl Laboratories, Llc Event localization within a distributed sensor array
US8681671B1 (en) * 2006-04-25 2014-03-25 Cisco Technology, Inc. System and method for reducing power used for radio transmission and reception
US8406794B2 (en) 2006-04-26 2013-03-26 Qualcomm Incorporated Methods and apparatuses of initiating communication in wireless networks
CN101083597A (en) 2006-05-31 2007-12-05 朗迅科技公司 SIP based instant message of mobile self-organizing network
DE102006036109B4 (en) 2006-06-01 2008-06-19 Nokia Siemens Networks Gmbh & Co.Kg Method and system for providing a mesh key
WO2008004102A2 (en) * 2006-07-06 2008-01-10 Nortel Networks Limited Wireless access point security for multi-hop networks
FR2903830B1 (en) 2006-07-11 2008-08-22 Alcatel Sa METHOD AND DEVICE FOR MONITORING OPTICAL CONNECTION PATHS FOR A TRANSPARENT OPTICAL NETWORK
US8411651B2 (en) 2006-07-27 2013-04-02 Interdigital Technology Corporation Media independent multi-rat function in a converged device
EP1892913A1 (en) 2006-08-24 2008-02-27 Siemens Aktiengesellschaft Method and arrangement for providing a wireless mesh network
US8634342B2 (en) 2006-10-05 2014-01-21 Cisco Technology, Inc. Upgrading mesh access points in a wireless mesh network
US8270302B2 (en) 2006-10-20 2012-09-18 Stmicroelectronics, Inc. System and method for providing an adaptive value of TTL (time to live) for broadcast/multicast messages in a mesh network using a hybrid wireless mesh protocol
US8149748B2 (en) 2006-11-14 2012-04-03 Raytheon Company Wireless data networking
KR100879026B1 (en) 2006-12-05 2009-01-15 한국전자통신연구원 Method for grouping among sensor nodes in heterogeneous wireless sensor networks
US8838481B2 (en) * 2011-07-26 2014-09-16 Golba Llc Method and system for location based hands-free payment
US8270340B2 (en) 2006-12-19 2012-09-18 Telefonaktiebolaget Lm Ericsson (Publ) Handling of idle gap commands in a telecommunication system
US9760146B2 (en) 2007-01-08 2017-09-12 Imagination Technologies Limited Conditional activation and deactivation of a microprocessor
US7787427B1 (en) 2007-01-09 2010-08-31 Dust Networks, Inc. Providing low average latency communication in wireless mesh networks
US20080205385A1 (en) 2007-02-26 2008-08-28 Motorola, Inc. Data frame formats to improve groupcast efficiency in multi-hop wireless networks
US8325627B2 (en) 2007-04-13 2012-12-04 Hart Communication Foundation Adaptive scheduling in a wireless network
US8406248B2 (en) 2007-04-13 2013-03-26 Hart Communication Foundation Priority-based scheduling and routing in a wireless network
US8451752B2 (en) 2007-05-21 2013-05-28 Arrowspan, Inc. Seamless handoff scheme for multi-radio wireless mesh network
US20080292105A1 (en) 2007-05-22 2008-11-27 Chieh-Yih Wan Lightweight key distribution and management method for sensor networks
EA201070199A1 (en) * 2007-08-01 2010-06-30 Филип Моррис Продактс С.А. BIODRAINED CIGARETT FILTER
US8189506B2 (en) * 2007-09-12 2012-05-29 Nokia Corporation Deep sleep mode for mesh points
KR101405688B1 (en) 2007-09-14 2014-06-12 엘지이노텍 주식회사 Zigbee system
US20090089408A1 (en) 2007-09-28 2009-04-02 Alcatel Lucent XML Router and method of XML Router Network Overlay Topology Creation
US7941663B2 (en) 2007-10-23 2011-05-10 Futurewei Technologies, Inc. Authentication of 6LoWPAN nodes using EAP-GPSK
US9166934B2 (en) 2007-11-25 2015-10-20 Trilliant Networks, Inc. System and method for operating mesh devices in multi-tree overlapping mesh networks
US8289883B2 (en) 2007-12-21 2012-10-16 Samsung Electronics Co., Ltd. Hybrid multicast routing protocol for wireless mesh networks
US7929446B2 (en) 2008-01-04 2011-04-19 Radiient Technologies, Inc. Mesh networking for wireless communications
KR20090090461A (en) * 2008-02-21 2009-08-26 삼성전자주식회사 Method for prolonging lifetime of sensor nodes in a wireless sensor network and system therefor
JP4613969B2 (en) 2008-03-03 2011-01-19 ソニー株式会社 Communication apparatus and communication method
US8116247B2 (en) * 2008-03-11 2012-02-14 Nokia Siemens Networks Oy Adaptive mechanism for dynamic reconfiguration of mesh networks
US8923285B2 (en) 2008-04-30 2014-12-30 Qualcomm Incorporated Apparatus and methods for transmitting data over a wireless mesh network
EP2308259B1 (en) 2008-07-29 2017-12-06 Orange Routing adaptable to electromagnetic conditions in a multihop network
US8179845B2 (en) 2008-08-21 2012-05-15 Motorola Solutions, Inc. Antenna-aware method for transmitting packets in a wireless communication network
WO2010027495A1 (en) 2008-09-04 2010-03-11 Trilliant Networks, Inc. A system and method for implementing mesh network communications using a mesh network protocol
CA2733268A1 (en) 2008-09-25 2010-04-01 Fisher-Rosemount Systems, Inc. Wireless mesh network with pinch point and low battery alerts
GB2464125A (en) 2008-10-04 2010-04-07 Ibm Topology discovery comprising partitioning network nodes into groups and using multiple discovery agents operating concurrently in each group.
US8782746B2 (en) 2008-10-17 2014-07-15 Comcast Cable Communications, Llc System and method for supporting multiple identities for a secure identity device
WO2010057312A1 (en) * 2008-11-24 2010-05-27 Certicom Corp. System and method for hardware based security
US8294573B2 (en) 2008-12-11 2012-10-23 International Business Machines Corporation System and method for optimizing power consumption of container tracking devices through mesh networks
US8498229B2 (en) 2008-12-30 2013-07-30 Intel Corporation Reduced power state network processing
US8904177B2 (en) * 2009-01-27 2014-12-02 Sony Corporation Authentication for a multi-tier wireless home mesh network
US8254251B2 (en) 2009-02-03 2012-08-28 Mobix Wireless Solutions Ltd. Mesh hybrid communication network
US8964634B2 (en) 2009-02-06 2015-02-24 Sony Corporation Wireless home mesh network bridging adaptor
US9172612B2 (en) 2009-02-12 2015-10-27 Hewlett-Packard Development Company, L.P. Network device configuration management by physical location
EP2528279A3 (en) 2009-02-13 2013-03-27 Nokia Siemens Networks Oy Method, system and nodes for network topology detection in communication networks
US8194576B2 (en) 2009-03-27 2012-06-05 Research In Motion Limited Wireless access point methods and apparatus using dynamically-activated service intervals
US9069727B2 (en) * 2011-08-12 2015-06-30 Talari Networks Incorporated Adaptive private network with geographically redundant network control nodes
WO2011010181A1 (en) * 2009-07-23 2011-01-27 Nokia Corporation Method and apparatus for reduced power consumption when operating as a bluetooth low energy device
KR20110020005A (en) * 2009-08-21 2011-03-02 주식회사 팬택 Method for tranmitting and receiving data in wireless communication system
JP5338567B2 (en) * 2009-08-25 2013-11-13 沖電気工業株式会社 Wireless terminal and wireless system
EP2306692B1 (en) * 2009-10-02 2014-05-21 BlackBerry Limited Methods and devices for facilitating bluetooth pairing using a camera as a barcode scanner
US20150058409A1 (en) 2013-03-22 2015-02-26 Frank C. Wang Enhanced content delivery system and method spanning multiple data processing systems
EP2486697B1 (en) 2009-10-06 2013-12-11 Thomson Licensing A method and apparatus for hop-by hop reliable multicast in wireless networks
CN102045280B (en) 2009-10-26 2013-08-07 国基电子(上海)有限公司 Cable modem (CM) and certificate test method thereof
JP5544863B2 (en) 2009-12-17 2014-07-09 富士通株式会社 Reception device, reception method, and reception program
CN101729296B (en) 2009-12-29 2012-12-19 中兴通讯股份有限公司 Method and system for statistical analysis of ethernet traffic
US20130051552A1 (en) 2010-01-20 2013-02-28 Héléna Handschuh Device and method for obtaining a cryptographic key
US10645628B2 (en) 2010-03-04 2020-05-05 Rosemount Inc. Apparatus for interconnecting wireless networks separated by a barrier
US8495618B1 (en) 2010-03-31 2013-07-23 American Megatrends, Inc. Updating firmware in a high availability enabled computer system
US8516269B1 (en) 2010-07-28 2013-08-20 Sandia Corporation Hardware device to physical structure binding and authentication
US9173196B2 (en) 2010-10-07 2015-10-27 GM Global Technology Operations LLC Adaptive multi-channel access for vehicular networks
WO2012064178A1 (en) * 2010-11-11 2012-05-18 Mimos Berhad Method for use in providing an adaptable sensor nodes schedule in a wireless sensor network
EP2643951B1 (en) 2010-11-25 2014-04-23 Koninklijke Philips N.V. System and method for optimizing data transmission to nodes of a wireless mesh network
US8873526B2 (en) 2010-12-17 2014-10-28 Cisco Technology, Inc. Collision avoidance for wireless networks
US20120163292A1 (en) 2010-12-23 2012-06-28 Nokia Corporation Frame Header in Wireless Communication System
US9094316B2 (en) 2011-01-28 2015-07-28 Hewlett-Packard Development Company, L.P. Dynamic name generation
US20120198434A1 (en) 2011-01-31 2012-08-02 Digi International Inc. Virtual bundling of remote device firmware upgrade
US8769525B2 (en) 2011-01-31 2014-07-01 Digi International Inc. Remote firmware upgrade device mapping
US20120196534A1 (en) 2011-02-01 2012-08-02 Nokia Corporation Method, apparatus, and computer program product for broadcasting in short-range communication
WO2012122994A1 (en) 2011-03-11 2012-09-20 Kreft Heinz Off-line transfer of electronic tokens between peer-devices
US9716659B2 (en) * 2011-03-23 2017-07-25 Hughes Network Systems, Llc System and method for providing improved quality of service over broadband networks
US9268545B2 (en) * 2011-03-31 2016-02-23 Intel Corporation Connecting mobile devices, internet-connected hosts, and cloud services
CN102761941B (en) 2011-04-28 2016-08-03 北京云天创科技有限公司 A kind of method utilizing ultra-low power consumption wireless smart sensor's network protocol transmission
US20130128809A1 (en) 2011-05-19 2013-05-23 Qualcomm Incorporated Apparatus and methods for media access control header compression
US8553536B2 (en) 2011-07-12 2013-10-08 General Electric Company Mesh network management system
CN102355351B (en) 2011-07-21 2014-11-05 华为技术有限公司 Key generation, backup and migration method and system based on trusted computing
US8849202B2 (en) 2011-08-19 2014-09-30 Apple Inc. Audio transfer using the Bluetooth Low Energy standard
US8982785B2 (en) 2011-09-08 2015-03-17 Cisco Technology, Inc. Access point assisted direct client discovery
US9445305B2 (en) 2011-09-12 2016-09-13 Microsoft Corporation Low energy beacon encoding
GB2577423B (en) 2011-09-15 2020-09-02 Fisher Rosemount Systems Inc Communicating data frames across communication networks that use incompatible network routing protocols
US8892866B2 (en) 2011-09-26 2014-11-18 Tor Anumana, Inc. Secure cloud storage and synchronization systems and methods
US8649883B2 (en) 2011-10-04 2014-02-11 Advanergy, Inc. Power distribution system and method
WO2013057666A1 (en) 2011-10-17 2013-04-25 Koninklijke Philips Electronics N.V. Automatic recommissioning of electronic devices in a networked system
US8654869B2 (en) 2011-10-27 2014-02-18 Cooper Technologies Company Multi-path radio transmission input/output devices, network, systems and methods with link suitability determination
US9936382B2 (en) * 2011-11-21 2018-04-03 Vital Connect, Inc. Method and system for pairing a sensor device to a user
US8953790B2 (en) 2011-11-21 2015-02-10 Broadcom Corporation Secure generation of a device root key in the field
US9191461B2 (en) 2012-02-21 2015-11-17 Entropic Communications, Inc. Software upgrade using layer-2 management entity messaging
US9270584B2 (en) * 2012-02-28 2016-02-23 Cisco Technology, Inc. Diverse paths using a single source route in computer networks
US9172636B2 (en) 2012-02-28 2015-10-27 Cisco Technology, Inc. Efficient link repair mechanism triggered by data traffic
US20130279409A1 (en) 2012-04-18 2013-10-24 Draker, Inc. Establishing a Mesh Network
US9629063B2 (en) 2012-05-09 2017-04-18 Trellisware Technologies, Inc. Method and system for global topology discovery in multi-hop ad hoc networks
US8844026B2 (en) 2012-06-01 2014-09-23 Blackberry Limited System and method for controlling access to secure resources
US20150195692A1 (en) 2012-06-26 2015-07-09 Nokia Corporation Method and apparatus for providing device ringtone coordination
US8751615B2 (en) 2012-07-18 2014-06-10 Accedian Networks Inc. Systems and methods of discovering and controlling devices without explicit addressing
JP5881047B2 (en) 2012-08-08 2016-03-09 株式会社日立製作所 Network management system, network management computer, and network management method
US10779212B2 (en) 2012-09-05 2020-09-15 Interdigital Patent Holdings, Inc. Methods for MAC frame extensibility and frame specific MAC header design for WLAN systems
US9208676B2 (en) 2013-03-14 2015-12-08 Google Inc. Devices, methods, and associated information processing for security in a smart-sensored home
US9081643B2 (en) 2012-09-21 2015-07-14 Silver Sring Networks, Inc. System and method for efficiently updating firmware for nodes in a mesh network
US9279856B2 (en) 2012-10-22 2016-03-08 Infineon Technologies Ag Die, chip, method for driving a die or a chip and method for manufacturing a die or a chip
US9306660B2 (en) * 2012-10-22 2016-04-05 Qualcomm Technologies International, Ltd. Dynamic interactive zone driven proximity awareness system
CN102984798B (en) 2012-11-21 2016-02-03 越亮传奇科技股份有限公司 Position-based accurate positioning method
US20140167912A1 (en) 2012-12-17 2014-06-19 David M. Snyder System, method and apparatus for providing security systems integrated with solid state lighting systems
US20140171062A1 (en) 2012-12-19 2014-06-19 Telefonaktiebolaget L M Ericsson (Publ) Wireless Devices, Network Node and Methods for Handling Relay Assistance in a Wireless Communications Network
US9628373B2 (en) 2012-12-19 2017-04-18 Comcast Cable Communications, Llc Multipath communication in a network
WO2014098504A1 (en) 2012-12-19 2014-06-26 엘지전자 주식회사 Method for communicating in wireless communication system supporting multiple access network and apparatus supporting same
US20140181172A1 (en) 2012-12-20 2014-06-26 Brent J. Elliott Offloading tethering-related communication processing
EP2939495A4 (en) 2012-12-26 2016-08-17 Ict Res Llc Mobility extensions to industrial-strength wireless sensor networks
US9032480B2 (en) 2012-12-28 2015-05-12 Cellco Partnership Providing multiple APN connections support in a browser
US8938792B2 (en) 2012-12-28 2015-01-20 Intel Corporation Device authentication using a physically unclonable functions based key generation system
US9239723B2 (en) 2013-05-13 2016-01-19 Lenovo (Singapore) Pte. Ltd. Configuring a device based on proximity to other devices
US9264892B2 (en) 2013-07-03 2016-02-16 Verizon Patent And Licensing Inc. Method and apparatus for attack resistant mesh networks
US9983651B2 (en) 2013-07-15 2018-05-29 Google Technology Holdings LLC Low-power near-field communication authentication
US9386008B2 (en) 2013-08-19 2016-07-05 Smartguard, Llc Secure installation of encryption enabling software onto electronic devices
US20150071216A1 (en) 2013-09-09 2015-03-12 Qualcomm Connected Experiences, Inc. Allowing mass re-onboarding of headless devices
US9565576B2 (en) 2013-10-09 2017-02-07 At&T Intellectual Property I, L.P. Network operating system client architecture for mobile user equipment
US10591969B2 (en) 2013-10-25 2020-03-17 Google Technology Holdings LLC Sensor-based near-field communication authentication
US20150143130A1 (en) 2013-11-18 2015-05-21 Vixs Systems Inc. Integrated circuit provisioning using physical unclonable function
GB2515853B (en) 2014-02-25 2015-08-19 Cambridge Silicon Radio Ltd Latency mitigation
GB2512749B (en) 2014-02-25 2015-04-01 Cambridge Silicon Radio Ltd Linking ad hoc networks
GB2512733B (en) 2014-02-25 2018-09-05 Qualcomm Technologies Int Ltd Broadcast retransmission
US9660836B2 (en) 2014-05-06 2017-05-23 Lattice Semiconductor Corporation Network topology discovery
US10142799B2 (en) * 2014-08-19 2018-11-27 Qualcomm Incorporated Multicasting traffic using multi-connectivity

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030181203A1 (en) * 2002-03-19 2003-09-25 Cheshire Stuart D. Method and apparatus for configuring a wireless device through reverse advertising
US20100241857A1 (en) * 2007-11-16 2010-09-23 Okude Kazuhiro Authentication method, authentication system, in-vehicle device, and authentication apparatus
US20100262828A1 (en) * 2009-04-08 2010-10-14 Research In Motion Limited Systems, devices, and methods for securely transmitting a security parameter to a computing device
US20110081860A1 (en) * 2009-10-02 2011-04-07 Research In Motion Limited Methods and devices for facilitating bluetooth pairing using a camera as a barcode scanner

Cited By (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9754096B2 (en) 2014-02-25 2017-09-05 Qualcomm Technologies International, Ltd. Update management
US10055570B2 (en) 2014-02-25 2018-08-21 QUALCOMM Technologies International, Ltd Mesh relay
US9910976B2 (en) 2014-02-25 2018-03-06 Qualcomm Technologies International, Ltd. Processing mesh communications
US9489506B2 (en) 2014-02-25 2016-11-08 Qualcomm Technologies International, Ltd. Linking ad hoc networks
US9672346B2 (en) 2014-02-25 2017-06-06 Qualcomm Technologies International, Ltd. Object tracking by establishing a mesh network and transmitting packets
US9842202B2 (en) 2014-02-25 2017-12-12 Qualcomm Technologies International, Ltd. Device proximity
US9692538B2 (en) 2014-02-25 2017-06-27 Qualcomm Technologies International, Ltd. Latency mitigation
US9918351B2 (en) * 2014-04-01 2018-03-13 Belkin International Inc. Setup of multiple IOT networks devices
US11122635B2 (en) 2014-04-01 2021-09-14 Belkin International, Inc. Grouping of network devices
US20170094706A1 (en) * 2014-04-01 2017-03-30 Belkin International, Inc. Setup of multiple iot network devices
US9686682B2 (en) * 2014-08-10 2017-06-20 Belkin International Inc. Setup of multiple IoT network devices
US9713003B2 (en) * 2014-08-10 2017-07-18 Belkin International Inc. Setup of multiple IoT network devices
US20160044032A1 (en) * 2014-08-10 2016-02-11 Belkin International, Inc. Setup of multiple iot network devices
US9451462B2 (en) * 2014-08-10 2016-09-20 Belkin International Inc. Setup of multiple IoT network devices
US20160088478A1 (en) * 2014-08-10 2016-03-24 Belkin International, Inc. Setup of multiple iot network devices
US20160081133A1 (en) * 2014-08-10 2016-03-17 Belkin International, Inc. Setup of multiple iot network devices
US10524197B2 (en) 2014-08-19 2019-12-31 Belkin International, Inc. Network device source entity triggered device configuration setup
US9872240B2 (en) 2014-08-19 2018-01-16 Belkin International Inc. Network device source entity triggered device configuration setup
US20180255045A1 (en) * 2015-02-24 2018-09-06 Nelson A. Cicchitto Mobile device enabled desktop tethered and tetherless authentication
US11122034B2 (en) 2015-02-24 2021-09-14 Nelson A. Cicchitto Method and apparatus for an identity assurance score with ties to an ID-less and password-less authentication system
US11811750B2 (en) 2015-02-24 2023-11-07 Nelson A. Cicchitto Mobile device enabled desktop tethered and tetherless authentication
US11171941B2 (en) * 2015-02-24 2021-11-09 Nelson A. Cicchitto Mobile device enabled desktop tethered and tetherless authentication
US10848485B2 (en) 2015-02-24 2020-11-24 Nelson Cicchitto Method and apparatus for a social network score system communicably connected to an ID-less and password-less authentication system
US9832637B2 (en) * 2015-04-13 2017-11-28 Gunitech Corp. Connection information sharing system, computer program, and connection information sharing method thereof
US20160302056A1 (en) * 2015-04-13 2016-10-13 Gunitech Corp. Connection Information Sharing System, Computer Program, and Connection Information Sharing Method Thereof
US10659442B1 (en) * 2015-12-21 2020-05-19 Marvell International Ltd. Security in smart configuration for WLAN based IOT device
US20190159031A1 (en) * 2016-04-26 2019-05-23 Checkit Limited Network Access Control
US11451445B2 (en) * 2017-04-10 2022-09-20 Itron Networked Solutions, Inc. Efficient internet-of-things device configuration via quick response codes
US20200127896A1 (en) * 2017-04-10 2020-04-23 Itron Networked Solutions, Inc. Efficient internet-of-things device configuration via quick response codes
US11146540B2 (en) * 2018-05-09 2021-10-12 Datalogic Ip Tech S.R.L. Systems and methods for public key exchange employing a peer-to-peer protocol
US10951470B2 (en) 2018-05-14 2021-03-16 Alibaba Group Holding Limited Bluetooth mesh network provisioning
US11563631B2 (en) 2018-05-14 2023-01-24 Alibaba Group Holding Limited Bluetooth mesh network provisioning
US11259178B2 (en) * 2018-05-18 2022-02-22 Alibaba Group Holding Limited Bluetooth mesh network provisioning authentication
CN110505606A (en) * 2018-05-18 2019-11-26 阿里巴巴集团控股有限公司 Bluetooth Mesh network and its distribution method for authenticating, equipment and storage medium
TWI816761B (en) * 2018-05-18 2023-10-01 香港商阿里巴巴集團服務有限公司 Bluetooth mesh network and its distribution network authentication method, equipment and storage media
WO2019222412A1 (en) * 2018-05-18 2019-11-21 Alibaba Group Holding Limited Bluetooth mesh network provisioning authentication
US10574475B2 (en) * 2018-05-24 2020-02-25 Haier Us Appliance Solutions, Inc. Household appliance with bluetooth connection and authentication
US10986573B2 (en) 2018-06-22 2021-04-20 Alibaba Group Holding Limited Bluetooth mesh network gateway and device data communication

Also Published As

Publication number Publication date
GB2512545B (en) 2015-04-08
GB2512746B (en) 2015-03-11
GB2512544B (en) 2016-08-17
GB2512542B (en) 2015-02-25
US20150245203A1 (en) 2015-08-27
US20150245179A1 (en) 2015-08-27
US9489506B2 (en) 2016-11-08
US9910976B2 (en) 2018-03-06
US20150245231A1 (en) 2015-08-27
DE102015101604A1 (en) 2015-08-27
GB201421698D0 (en) 2015-01-21
DE102014019749B3 (en) 2017-08-31
DE102014012517B4 (en) 2017-03-02
GB201412715D0 (en) 2014-09-03
GB2512747B (en) 2015-04-01
GB201412720D0 (en) 2014-09-03
GB2512542A (en) 2014-10-01
GB2512746A (en) 2014-10-08
GB2515923B8 (en) 2015-06-17
GB2512544A (en) 2014-10-01
DE102015101699A1 (en) 2015-08-27
GB2512781A (en) 2014-10-08
GB2512545A (en) 2014-10-01
GB2512543A (en) 2014-10-01
US9754096B2 (en) 2017-09-05
DE102014012517A1 (en) 2015-08-27
GB2523444A (en) 2015-08-26
GB201405789D0 (en) 2014-05-14
GB201412716D0 (en) 2014-09-03
GB2513265A (en) 2014-10-22
GB2512256A (en) 2014-09-24
GB2515923A (en) 2015-01-07
GB2512749A (en) 2014-10-08
GB2512781B (en) 2015-08-05
GB201415178D0 (en) 2014-10-08
GB2513048A (en) 2014-10-15
US20150245296A1 (en) 2015-08-27
GB201405791D0 (en) 2014-05-14
US9842202B2 (en) 2017-12-12
GB2512502B (en) 2015-03-11
DE102014012379B4 (en) 2016-05-12
US20150244828A1 (en) 2015-08-27
GB2515923A8 (en) 2015-06-17
GB2513048B (en) 2015-08-26
US20150245412A1 (en) 2015-08-27
US20150245369A1 (en) 2015-08-27
GB2518120B (en) 2015-09-30
DE102014012518A1 (en) 2015-08-27
US20150244623A1 (en) 2015-08-27
DE102015101697A1 (en) 2015-08-27
GB201412714D0 (en) 2014-09-03
GB201412722D0 (en) 2014-09-03
GB2517844A (en) 2015-03-04
GB2512256B8 (en) 2015-07-01
US9672346B2 (en) 2017-06-06
GB201405790D0 (en) 2014-05-14
GB201412719D0 (en) 2014-09-03
GB2523444B (en) 2016-05-18
GB201412718D0 (en) 2014-09-03
GB2512256A8 (en) 2015-07-01
US20150245182A1 (en) 2015-08-27
DE102015101620A1 (en) 2015-08-27
GB2512256B (en) 2015-04-15
GB2512501A (en) 2014-10-01
US10055570B2 (en) 2018-08-21
GB2512543B (en) 2015-02-11
DE102014012258A1 (en) 2015-08-27
DE102015101699B4 (en) 2019-12-24
GB2512749B (en) 2015-04-01
GB201415177D0 (en) 2014-10-08
GB201412717D0 (en) 2014-09-03
GB2515923B (en) 2015-06-03
DE102014012257B4 (en) 2015-12-03
GB2512747A (en) 2014-10-08
DE102015101698A1 (en) 2015-08-27
GB2513265B (en) 2016-10-26
DE102014012252A1 (en) 2015-08-27
GB2517844B (en) 2015-09-09
GB2512748A (en) 2014-10-08
GB2518120A (en) 2015-03-11
GB2512502A (en) 2014-10-01
US20150244648A1 (en) 2015-08-27
DE102014013471A1 (en) 2015-08-27
GB201501075D0 (en) 2015-03-11
US20150244565A1 (en) 2015-08-27
GB201405785D0 (en) 2014-05-14
DE102014012379A1 (en) 2015-08-27
US20150245220A1 (en) 2015-08-27
GB201405797D0 (en) 2014-05-14
DE102014012257A1 (en) 2015-08-27
US20150242614A1 (en) 2015-08-27
GB2512748B (en) 2015-02-18
GB201405786D0 (en) 2014-05-14

Similar Documents

Publication Publication Date Title
US20150245204A1 (en) Device authentication
US11146400B2 (en) Methods for verifying data integrity
USRE49876E1 (en) Secure configuration of a headless networking device
US10547613B1 (en) Simplified association of devices with a network using unique codes on the devices and side channel communication
US10693848B2 (en) Installation of a terminal in a secure system
EP3105904B1 (en) Assisted device provisioning in a network
US10862684B2 (en) Method and apparatus for providing service on basis of identifier of user equipment
Naeem et al. A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things
EP2963959B1 (en) Method, configuration device, and wireless device for establishing connection between devices
EP2424185B1 (en) Method and device for challenge-response authentication
CN105191253A (en) Seamless device configuration in a communication network
EP1806869A1 (en) Communication device, and communication method
KR20180098589A (en) Network system for secure communication
CN108923927A (en) System and method for being connected to video camera supply dynamic Q R code with BLE
US10356090B2 (en) Method and system for establishing a secure communication channel
EP2993933B1 (en) Wireless terminal configuration method, apparatus and wireless terminal
KR20180119201A (en) Electronic device for authentication system
CN112566119A (en) Terminal authentication method and device, computer equipment and storage medium
CN107950003B (en) Method and device for dual-user authentication
KR102322605B1 (en) Method for setting secret key and authenticating mutual device of internet of things environment
CN114422216B (en) Internet of things equipment binding method, device and storage medium
KR20160146090A (en) Communication method and apparatus in smart-home system
CN111885595B (en) Intelligent household appliance configuration networking method, device and system
KR101709086B1 (en) security method and system thereof based context for Internet of Things environment
Lounis Security of short-range wireless technologies and an authentication protocol for IoT

Legal Events

Date Code Title Description
AS Assignment

Owner name: CAMBRIDGE SILICON RADIO LIMITED, UNITED KINGDOM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEYDON, ROBIN;REEL/FRAME:033190/0786

Effective date: 20140522

AS Assignment

Owner name: QUALCOMM TECHNOLOGIES INTERNATIONAL, LTD., UNITED

Free format text: CHANGE OF NAME;ASSIGNOR:CAMBRIDGE SILICON RADIO LIMITED;REEL/FRAME:036663/0211

Effective date: 20150813

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION