WO2006136969A1 - System comprising a first device and a second device - Google Patents
- Publication number: WO2006136969A1
- PCT application number: PCT/IB2006/051880
- Authority: WO (WIPO (PCT))
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/12—Applying verification of the received information
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L12/2803—Home automation networks
- H04L12/282—Controlling appliance services of a home automation network by calling their functionalities based on user interaction within the home
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/06—Authentication
- H04W12/10—Integrity
Definitions
- the second information 32 is supplied to the first device 11 directly or indirectly via another device for authorizing the first device 11 as the control authority. Via the control authority, the system 1 can be managed. Such a management may be performed directly via the first device 11 comprising the control authority, or may be performed indirectly via the second device 12 and/or another device 13 or 14.
- the storage unit 65 stores at least a part of the second information 32 during a first time interval and the second storage unit 85 stores at least a part of the first information 31 during a second time interval.
- the first time interval should generally be shorter than the second time interval.
- At least a part of the first information 31 such as for example the public key will generally be stored as long as the second device 12 forms part of the system 1.
- At least a part of the second information 32 such as for example the private key will generally be stored as long as one or more devices 11-14 need to be managed; another part of the second information such as for example the public key may be stored for a longer duration. So, the first device 11 can act as the control authority only as long as it holds the first information 31. This offers an improved security.
- the "blue" SKT contains for example wireless link credentials (an SSID, a link master key, etc.), a public key and optional items such as UPnP related items (a "CP secret" for verification of a new UPnP Control Point, a "SC secret" for ownership as described below, etc.).
- the "red" SKT ("administrator card") contains for example the private/public key pair corresponding to the public key from the "blue" SKT. The user is instructed to keep the "red" SKT in a safe place.
- for the initial configuration of a new device only the blue SKT is used.
- an initial "SKT step", e.g. touching a tag if the SKT is an RF-ID tag
- the information from the blue SKT (as listed above) is inserted into any new device when it is integrated.
- the term "device" is not correlated to the term "device" as used in UPnP, but covers all of the UPnP categories device, security console and control point. Two options may be present for handling ownership with the public key:
- all access control lists (ACLs) in the devices are initially set to general default values, dependent on the vendor's preferences, e.g.:
- the user wants to modify the access control settings in the system (protect some actions, such that they can only be performed by authorized users, or protect some content, such that it can only be accessed by authorized users, e.g. parents, and not by unauthorized users, e.g. children).
- the user takes the red SKT and goes to a device with a security console functionality (e.g. a PC).
- via an SKT step (e.g. touching a tag, if the SKT is an RF-ID tag), the device turns on the security console functionality and stores the private/public key pair from the SKT in its storage unit such as a random access memory.
- any access control management actions can be performed (the devices verify the knowledge of the private key with the corresponding public key, which is a technology common in the art).
- the public key is known from the initial configuration. Standard service discovery procedures show the devices at the security console.
- a take-ownership may be necessary.
- a take-ownership is to be performed to the selected device if the security console is not yet the owner.
- the "security console secret" should be used for the secret in the take-ownership.
- the security console application may have to decide which CPs belong to the network (or trust the link security and accept all visible CPs). If a CP has to verify its authorization, "present-key" has to be performed with the "CP secret". The user can now perform access control management actions, i.e. define access limitations to content or functions. Afterwards the user turns off the security console or the security console functionality. Then, the private key is erased from its memory. According to an implementation option, there is a slot for the (red) SKT and the security console functionality is turned on when the card is inserted and turned off if it is removed.
Abstract
Systems (1) comprising first devices (11) and second devices (12) are provided with first information carriers (21) for supplying first information (31) to the second devices (12) for verifying authorizations of control authorities and with second information carriers (22) for supplying second information (32) to the first devices (11) for authorizing the first devices (11) as the control authorities. The first information carriers (21) can be used by fully authorized users (parents) as well as by partly authorized users (children) and the second information carriers (22) can be used by fully authorized users (parents) only. The information carriers (21,22) may be battery less transponders. The first information (31) comprises a public key and the second information (32) comprises a private key and the public key. The public key allows verifications of authorizations of control authorities, and the combination of the private key and the public key allows authorizations of the first devices (11) as the control authorities. The information (31,32) may further comprise link credentials and/or Universal Plug and Play related items.
Description
System comprising a first device and a second device
The invention relates to a system comprising a first device and a second device, and also relates to a first device, to a second device, to a first information carrier, to a second information carrier, to a method, to a processor program product and to a signal.
Examples of such a system are networks such as wired and wireless home networks. Examples of such a device are consumer products.
A prior art system is known from WO 2004/025901, which discloses a wireless network comprising an old device (a first device). Each new device (a second device) needs to be installed on the network and needs to acquire knowledge of the network characteristics before it can communicate and exchange data and control information with the old device (the first device) on the network. To configure the new device (the second device) easily, fast and reliably, an entry module (an information carrier) is introduced for enabling inputting a set of security parameters. The known system is disadvantageous, inter alia, owing to the fact that it does not distinguish between different users having different authorizations.
It is an object of the invention, inter alia, to provide a system that allows different users to have different authorizations.
Further objects of the invention are, inter alia, to provide a first device, a second device, a first information carrier, a second information carrier, a method, a processor program product and a signal that allow different users to have different authorizations within such a system. A system according to the invention comprises a first device, a second device, a first information carrier for supplying first information to the second device for verifying an authorization of a control authority, and a second information carrier for supplying second information to the first device for authorizing the first device as the control authority.
By introducing at least two different information carriers, a first information carrier for supplying first information to the second device (the new device) for verifying an authorization of a control authority, and a second information carrier for supplying second information to the first device (the old device) for authorizing the first device (the old device) as the control authority, the first information carrier can be used by fully authorized users (parents) as well as by partly authorized users (children) and the second information carrier can be used by fully authorized users (parents) only. As a result, all users can introduce new devices to the system, but only some users can manage the devices of the system, via the control authority for example comprising managing means for example to change settings such as authorizations and/or time schedules.
The first information is supplied to the second device directly or indirectly via another device for verifying an authorization of a control authority. The first information may further be used for introducing the second device to the system, in other words for allowing the second device to share the network. Such an introduction may be initiated by the second device for example in response to a reception of the first information or may be initiated by for example the first device for example in response to a timed action. The second information is supplied to the first device directly or indirectly via another device for authorizing the first device as the control authority. Via the control authority, the system can be managed. Such a management may be performed directly via the first device comprising the control authority, or may be performed indirectly via the second device and/or another device.
The invention is further advantageous, inter alia, in that the user friendliness of the introduction of the devices as well as of the management of the devices is increased.
An embodiment of the system according to the invention is defined by the first device comprising a first receiver for receiving the second information from the second information carrier, the second device comprising a second receiver for receiving the first information from the first information carrier, the first information carrier comprising a first memory for storing the first information and a first transmitter for transmitting the first information, and the second information carrier comprising a second memory for storing the second information and a second transmitter for transmitting the second information. The first and second receivers may receive the information wiredly or wirelessly and directly or indirectly. The first and second transmitters may transmit the information wiredly or wirelessly and directly or indirectly. This embodiment is advantageous in that it is of a low complexity.
An embodiment of the system according to the invention is defined by the first information carrier further comprising a third receiver for receiving first incoming power and the second information carrier further comprising a fourth receiver for receiving second incoming power, the information carriers being battery less transponders. The first and second receivers receive the information wirelessly and the first and second transmitters transmit the information wirelessly. The third and fourth receivers receive the incoming power or incoming electromagnetic signals wirelessly and in response activate the first and second transmitters. This embodiment is advantageous in that it is very user friendly. The first and second memories need to be battery less memories.
An embodiment of the system according to the invention is defined by the first information comprising a public key and the second information comprising a private key and the public key. The public key allows a verification of an authorization of a control authority, and the combination of the private key and the public key allows an authorization of the first device as the control authority. This embodiment is advantageous in that it allows the control authority to produce a digital signature with the private key (which cannot be done without knowing the private key) that is checked with the public key by the second device. Alternative kinds of information are not to be excluded.
An embodiment of the system according to the invention is defined by the first information further comprising link credentials and/or the second information further comprising the link credentials. The link credentials define characteristics of the links in the system. This embodiment is advantageous in that it offers more possibilities.
An embodiment of the system according to the invention is defined by the first information further comprising Universal Plug and Play related items and/or the second information further comprising the Universal Plug and Play related items. The Universal Plug and Play related items define characteristics of the plug and play facilities of the system. Such characteristics may be the same for two or more Plug and Play facilities or may be different per Plug and Play facility. One of the items may for example comprise a shared secret for introducing a device to the system, in other words for allowing the device to share the network. This embodiment is advantageous in that it offers more possibilities.
An embodiment of the system according to the invention is defined by the first device comprising a first storage unit for storing at least a part of the second information during a first time interval, the second device comprising a second storage unit for storing at least a part of the first information during a second time interval, the first time interval being shorter than the second time interval. A part of the first information such as for example the public key will generally be stored as long as the second device forms part of the system. A part of the second information such as for example the private key will generally be stored as long as one or more devices need to be managed; another part of the second information such as for example the public key may be stored for a longer duration. So, the first device can act as the control authority only as long as it holds the first information. This embodiment is advantageous in that it offers an improved security.
Embodiments of the first device according to the invention and of the second device according to the invention and of the first information carrier according to the invention and of the second information carrier according to the invention and of the method according to the invention and of the processor program product according to the invention and of the signal according to the invention correspond with the embodiments of the system according to the invention.
The invention is based upon an insight, inter alia, that a verification of an authorization of a control authority and an authorization of the first device as the control authority are to be separated from each other, and is based upon a basic idea, inter alia, that different information carriers should give different users different authorizations.
The invention solves the problem, inter alia, to provide a system that allows different users to have different authorizations, and is further advantageous, inter alia, in that the user friendliness of the introduction of the devices as well as of the management of the devices is increased.
These and other aspects of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.
In the drawings:
Fig. 1 shows diagrammatically a system according to the invention comprising devices according to the invention and information carriers according to the invention,
Fig. 2 shows diagrammatically in greater detail a first device according to the invention and a second information carrier according to the invention, and Fig. 3 shows diagrammatically in greater detail a second device according to the invention and a first information carrier according to the invention.
The system 1 according to the invention shown in Fig. 1 comprises a first device 11 according to the invention and a second device 12 according to the invention and a third device 13 and a fourth device 14 and a first information carrier 21 according to the invention and a second information carrier 22 according to the invention. The devices 11-14 are coupled to each other via a bus 15. Other and/or further wired and/or wireless couplings between (two or more of) the devices 11-14 are not to be excluded.
The first information carrier 21 supplies first information 31 to the second device 12 for verifying an authorization of a control authority, and the second information carrier 22 supplies second information 32 to the first device 11 for authorizing the first device 11 as the control authority. In case of the information carriers 21 and 22 being battery less transponders, first incoming power 41 is supplied from the second device 12 to the first information carrier 21 and second incoming power 42 is supplied from the first device 11 to the second information carrier 22. Alternatively, the information carriers might be provided with batteries etc. The first and second information 31 and 32 may be exchanged in a wired or wireless way and/or the first and second incoming power 41 and 42 may be exchanged in a wired or wireless way, similarly or differently from the way the information 31 and 32 is exchanged.
The first device 11 according to the invention shown in Fig. 2 comprises an antenna coupled to an antenna interface 62 which is coupled to a receiver 61 and to a transmitter 63. All units 61-63 are further coupled to a controller 64, which is further coupled to a storage unit 65, to a bus interface 67 and to a processor 68. The second information carrier 22 according to the invention shown in Fig. 2 comprises an antenna coupled to an antenna interface 52 which is coupled to a receiver 53 and to a transmitter 51. All units 51-53 are further coupled to a controller 54, which is further coupled to a memory 55,56. The receiver 61 receives the second information 32 from the second information carrier 22. The memory 55,56 stores the second information 32 and the transmitter 51 transmits the second information 32. The receiver 53 receives the second incoming power 42 for example from the transmitter 63, without excluding other sources for transmitting such power.
The second device 12 according to the invention shown in Fig. 3 comprises an antenna coupled to an antenna interface 82 which is coupled to a receiver 81 and to a transmitter 83. All units 81-83 are further coupled to a controller 84, which is further coupled to a storage unit 85, to a bus interface 87 and to a processor 88. The first information carrier 21 according to the invention shown in Fig. 3 comprises an antenna coupled to an antenna interface 72 which is coupled to a receiver 73 and to a transmitter 71. All units 71-73 are further coupled to a controller 74, which is further coupled to a memory 75.
The receiver 81 receives the first information 31 from the first information carrier 21. The memory 75 stores the first information 31 and the transmitter 71 transmits the first information 31. The receiver 73 receives the first incoming power 41 for example from the transmitter 83, without excluding other sources for transmitting such power.
The first device 11 for example comprises a set top box, and its processor 68 comprises and/or represents the set top box functions and may be further coupled to a cable not shown and/or a unit not shown such as a satellite receiver. The third device 13 for example comprises a television receiver and the fourth device 14 for example comprises an audio amplifier. The devices 13 and 14 are coupled to each other and to the first device 11 via the bus 15 and may be coupled further to each other and/or to a cable not shown and/or a unit not shown. The devices 11, 13 and 14 are for example so-called Universal Plug and Play devices or UPnP devices. The second device 12 for example comprises an audio/video recorder, and its processor 84 comprises and/or represents the recorder functions and may be further coupled to a cable not shown and/or a unit not shown. This second device is also for example a so-called Universal Plug and Play device or UPnP device, and needs to be added to the system 1. Thereto, the second device 12 is coupled to the bus 15 in a way common in the art. Then, the second device 12 needs to be introduced to the first device 11 (in case of this first device 11 comprising a security console) or to the system 1 via the first device 11 (in case of the system 1 comprising a security console and the first device 11 being defined as being an interface for new introductions).
Thereto, a user brings the first information carrier 21 within reach of the second device 12, and as a result, the first incoming power 41 is received by the receiver 73 and used for activating the first information carrier 21. Then the first information 31 as stored in the memory 75 is supplied to the second device 12 and stored in this second device 12 in its storage unit 85. As a result, the second device 12 can be introduced to the first device 11 and/or to the system 1. The first information 31 for example comprises a public key, and for example further comprises link credentials and/or Universal Plug and Play related items. The public key is for example used to allow a verification of an authorization of a control authority. The first information 31 may further be used for introducing the second device 12 to the system 1, in other words for allowing the second device 12 to share the network. Such an introduction may be initiated by the second device 12 for example in response to a reception of the first information 31 or may be initiated by for example the first device 11 for example in response to a timed action. Thereto, one of the items may for example comprise a shared secret for introducing the second device 12 to the system 1, in other words for allowing the second device 12 to share the network.
In case for example the second device 12 needs to be managed, for example to change settings such as authorizations and/or time schedules, a user brings the second information carrier 22 within reach of the first device 11, and as a result, the second incoming power 42 is received by the receiver 53 and used for activating the second information carrier 22. Then the second information 32 as stored in the memory 55,56 is supplied to the first device 11 and stored in this first device 11 in its storage unit 65. As a result, the second device 12 can now be managed by a user via for example the first device 11.
The second information 32 for example comprises a public key stored in the memory 55 and a private key stored in the memory 56, and for example further comprises the link credentials and/or the Universal Plug and Play related items. Alternatively, one memory in the second information carrier 22 may be used for storing both keys. The combination of the public key and the private key is for example used for authorizing the first device 11 as the control authority. Thereto, for example the controller 64 performs one or more operations and/or calculations based on the keys, for example to produce a digital signature with the private key (which cannot be done without knowing the private key). This digital signature is supplied to the second device 12 via the bus 15, and for example the controller 84 checks this digital signature with the public key (to verify the authorization of the control authority).
By introducing at least two different information carriers 21 and 22 for verifying an authorization of a control authority and for authorizing a device as the control authority, the first information carrier 21 can be used by fully authorized users (parents) as well as by partly authorized users (children) and the second information carrier 22 can be used by fully authorized users (parents) only. As a result, all users can introduce a new device 12 to the system 1, but only some users can manage the devices 11-14 of the system 1. The first information 31 is supplied to the second device 12 directly or indirectly via another device for verifying an authorization of a control authority. The first information may further be used for introducing the second device 12 to the system 1, in other words for allowing the second device 12 to share the network. The second information 32 is supplied to the first device 11 directly or indirectly via another device for authorizing the first device 11 as the control authority. Via the control authority, the system 1 can be managed. Such a management may be performed directly via the first device 11 comprising the control authority, or may be performed indirectly via the second device 12 and/or another device 13 or 14.
Preferably the storage unit 65 stores at least a part of the second information 32 during a first time interval and the second storage unit 85 stores at least a part of the first information 31 during a second time interval. The first time interval should generally be shorter than the second time interval. At least a part of the first information 31, such as for example the public key, will generally be stored as long as the second device 12 forms part of the system 1. At least a part of the second information 32, such as for example the private key, will generally be stored as long as one or more devices 11-14 need to be managed; another part of the second information, such as for example the public key, may be stored for a longer duration. So, the first device 11 can act as the control authority only as long as it holds the first information 31. This offers improved security.
In Fig. 2 and 3, within each device 11 and 12 and within each information carrier 21 and 22, two or more units may be combined and each unit may be divided into sub-units, without departing from the scope of this invention. The information carriers 21 and 22 may be made of a lower complexity by coupling their memory to their transmitter and by letting their receiver activate their transmitter. Their antenna interface may comprise a coupling only or may comprise amplifiers, switches, duplexers, filters etc. Alternatively, different antennas may be used for transmission and reception. The devices 11 and 12 may be realized by integrating their processor and their controller. Their antenna interface may comprise a coupling only or may comprise amplifiers, switches, duplexers, filters etc. Alternatively, different antennas may be used for transmission and reception.
The target system is for example a home network, possibly wireless, with UPnP as technology for auto-configuration, discovery and control of the devices, including networked devices and services. The integration of the new devices is done with the first information carrier or first short range key transmitter SKT (e.g. touching an SKT RF-ID tag). In addition, this invention proposes that the home user has a second information carrier or second short range key transmitter SKT. The respective first and second SKTs are sold as a bundle: a "blue" and a "red" one.
The "blue" SKT contains for example wireless link credentials (an SSID, a link master key, etc.), a public key and optional items such as UPnP related items (a "CP secret" for verification of a new UPnP Control, an "SC secret" for ownership as described below etc.). The "red" SKT ("administrator card") contains for example the private/public key pair corresponding to the public key from the "blue" SKT. The user is instructed to keep the "red" SKT at a safe place.
For the initial configuration of a new device only the blue SKT is used. In an initial "SKT step" (e.g. touching a tag, if the SKT is an RF-ID tag) the information from the blue SKT (as listed above) is inserted into any new device when it is integrated. Here, the term "device" is not correlated to the term "device" as used in UPnP, but covers all of the UPnP categories device, security console and control point. Two options may be present for handling ownership with the public key:
- The public key is directly inserted as owner in the device's owner list (see remark below), or
- The public key is just stored for later ownership verification and the device initially remains un-owned.
All access control lists (ACLs) in the devices are initially set to general default values, dependent on the vendor's preferences, e.g.:
- All actions are allowed ("all"/"any"), such that no access restrictions are defined and security is only provided by the link security, until the ACL is modified by an authorized security console.
- All actions are forbidden until the ACL is modified by an authorized security console.
At some point in time the user wants to modify the access control settings in the system (protect some actions, such that they can only be performed by authorized users, or protect some content, such that it can only be accessed by authorized users, e.g. parents, and not by unauthorized users, e.g. children). The user takes the red SKT and goes to a device with a security console functionality (e.g. a PC). Via an SKT step (e.g. touching a tag, if the SKT is an RF-ID tag), the device turns on the security console functionality and stores the private/public key pair from the SKT in its storage unit such as a random access memory. Access control management actions can only be performed with knowledge of the private key (the devices verify the knowledge of the private key with the corresponding public key, which is a technology common in the art). The public key is known from the initial configuration. Standard service discovery procedures show the devices at the security console. Depending on the ownership option chosen above, a take-ownership may be necessary. In case of the later ownership verification as described above, a take-ownership is to be performed to the selected device if the security console is not yet the owner. For the secret in the take-ownership, the "security console secret" should be used.
Furthermore, the security console application may have to decide which CPs belong to the network (or trust the link security and accept all visible CPs). If a CP has to verify its authorization, "present-key" has to be performed with the "CP secret". The user now can perform access control management actions, i.e. define access limitations to content or functions. Afterwards the user turns off the security console or the security console functionality. Then, the private key is erased from its memory. According to an implementation option, there is a slot for the (red) SKT and the security console functionality is turned on when the card is inserted and turned off when it is removed.
This way, a protection of the access control management is obtained. Only a user with access to the red SKT can do ACL editing. Since the red SKT is kept in a safe place, "theft of red SKT" should be unlikely. Children with their own security console can't do anything (their security console cannot become owner of any device). A "thrown away security console" can't do anything (the private/public key pair is not permanently stored).
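The blue/red SKT flow described above (the signature check with the public key from the description of the second information, and the security console that holds the private key only while the red card is inserted), as an added example that is not code from the patent: Ed25519 from Go's standard library, the management message layout and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// BlueSKT models the first information carrier: the public key every new
// device receives in the initial SKT step (Ed25519 is an assumption).
type BlueSKT struct{ PublicKey ed25519.PublicKey }
// RedSKT models the second information carrier ("administrator card"):
// the private/public key pair matching the blue card's public key.
type RedSKT struct {
	PublicKey  ed25519.PublicKey
	PrivateKey ed25519.PrivateKey
}
// NewSKTBundle generates one "blue"/"red" pair, as sold as a bundle.
func NewSKTBundle() (BlueSKT, RedSKT, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return BlueSKT{}, RedSKT{}, err
	}
	return BlueSKT{pub}, RedSKT{pub, priv}, nil
}
// aclMessage is the constructed, hypothetical management message layout.
// Binding the device name stops a signature made for one device from being
// accepted by another; a real deployment would also add a nonce or counter.
func aclMessage(dev, action string, allowed bool) []byte {
	return []byte(fmt.Sprintf("acl|%s|%s|%t", dev, action, allowed))
}

// Device is a managed UPnP device: it keeps the blue card's public key for
// as long as it belongs to the network and checks every ACL change with it.
type Device struct {
	Name     string
	OwnerKey ed25519.PublicKey // first information, stored long term
	ACL      map[string]bool   // action -> allowed; absent means forbidden
}

// Integrate is the initial SKT step with the blue card.
func (d *Device) Integrate(blue BlueSKT) {
	d.OwnerKey = blue.PublicKey
	d.ACL = map[string]bool{} // vendor default here: all actions forbidden
}

// ApplyACLChange accepts the change only if the signature verifies under the
// public key from the blue card, i.e. the sender knows the red card's key.
func (d *Device) ApplyACLChange(action string, allowed bool, sig []byte) error {
	if d.OwnerKey == nil {
		return errors.New("device not integrated: no public key stored")
	}
	if !ed25519.Verify(d.OwnerKey, aclMessage(d.Name, action, allowed), sig) {
		return errors.New("control authority not authorized: bad signature")
	}
	d.ACL[action] = allowed
	return nil
}

// SecurityConsole is the first device; the private key is held in volatile
// storage only while the red card is inserted (the "first time interval").
type SecurityConsole struct{ priv ed25519.PrivateKey }

func (sc *SecurityConsole) InsertRedSKT(red RedSKT) { sc.priv = red.PrivateKey }
func (sc *SecurityConsole) RemoveRedSKT()           { sc.priv = nil }

// SignACLChange makes the signature that cannot be produced without the
// private key; it fails once the card has been removed and the key erased.
func (sc *SecurityConsole) SignACLChange(dev, action string, allowed bool) ([]byte, error) {
	if sc.priv == nil {
		return nil, errors.New("security console is off: no red SKT inserted")
	}
	return ed25519.Sign(sc.priv, aclMessage(dev, action, allowed)), nil
}
```

A signature made with a second, unrelated red card (a child's own console) or replayed against a different device fails the check, and signing stops as soon as the card is removed.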
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. Use of the verb "to comprise" and its conjugations does not exclude the presence of elements or steps other than those stated in a claim. The article "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Claims
1. A system (1) comprising a first device (11), a second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority.
2. The system (1) as defined in claim 1, the first device (11) comprising a first receiver (61) for receiving the second information (32) from the second information carrier (22), the second device (12) comprising a second receiver (81) for receiving the first information (31) from the first information carrier (21), the first information carrier (21) comprising a first memory (75) for storing the first information (31) and a first transmitter (71) for transmitting the first information (31), and the second information carrier (22) comprising a second memory (55,56) for storing the second information (32) and a second transmitter (51) for transmitting the second information (32).
3. The system (1) as defined in claim 2, the first information carrier (21) further comprising a third receiver (73) for receiving first incoming power (41) and the second information carrier (22) further comprising a fourth receiver (53) for receiving second incoming power (42), the information carriers (21,22) being battery less transponders.
4. The system (1) as defined in claim 1, the first information (31) comprising a public key and the second information (32) comprising a private key and the public key.
5. The system (1) as defined in claim 4, the first information (31) further comprising link credentials and/or the second information (32) further comprising the link credentials.
6. The system (1) as defined in claim 4, the first information (31) further comprising Universal Plug and Play related items and/or the second information (32) further comprising the Universal Plug and Play related items.
7. The system (1) as defined in claim 4, the first device (11) comprising a first storage unit (65) for storing at least a part of the second information (32) during a first time interval, the second device (12) comprising a second storage unit (85) for storing at least a part of the first information (31) during a second time interval, the first time interval being shorter than the second time interval.
8. A first device (11) for use in a system (1) comprising the first device (11), a second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority.
9. A second device (12) for use in a system (1) comprising a first device (11), the second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority.
10. A first information carrier (21) for use in a system (1) comprising a first device (11), a second device (12), the first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority.
11. A second information carrier (22) for use in a system (1) comprising a first device (11), a second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and the second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority.
12. A method for use in a system (1) comprising a first device (11), a second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority, the method comprising at least one of the steps of
- supplying the first information (31) from the first information carrier (21) to the second device (12),
- supplying the second information (32) from the second information carrier (22) to the first device (11),
- verifying an authorization of a control authority based upon the first information (31), and
- authorizing the first device (11) as the control authority based upon the second information (32).
13. A processor program product for use in a system (1) comprising a first device (11), a second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority, the processor program product comprising at least one of the functions of
- supplying the first information (31) from the first information carrier (21) to the second device (12),
- supplying the second information (32) from the second information carrier (22) to the first device (11),
- verifying an authorization of a control authority based upon the first information (31), and
- authorizing the first device (11) as the control authority based upon the second information (32).
14. A signal for use in a system (1) comprising a first device (11), a second device (12), a first information carrier (21) for supplying first information (31) to the second device (12) for verifying an authorization of a control authority, and a second information carrier (22) for supplying second information (32) to the first device (11) for authorizing the first device (11) as the control authority, the signal comprising at least one of
- a first message defining the first information (31),
- a second message defining the second information (32),
- a verification message for a verification of an authorization of a control authority based upon the first information (31), and
- an authorization message for an authorization of the first device (11) as the control authority based upon the second information (32).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05105416.1 | 2005-06-20 | | |
EP05105416 | 2005-06-20 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006136969A1 (en) | 2006-12-28 |
Family ID: 37067530
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2006/051880 WO2006136969A1 (en) | 2005-06-20 | 2006-06-13 | System comprising a first device and a second device |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2006136969A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105282159A (en) * | 2015-10-30 | 2016-01-27 | 青岛海尔智能家电科技有限公司 | User identity verification method, device and intelligent terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001072012A2 (en) * | 2000-03-23 | 2001-09-27 | Sun Microsystems, Inc. | System and method for inexpensively providing security and authentication over a communications channel |
GB2408181A (en) * | 2003-11-13 | 2005-05-18 | Toshiba Res Europ Ltd | Configuring a wireless connection using a physical token containing two sets of configuration information |
WO2005046165A1 (en) * | 2003-11-05 | 2005-05-19 | Koninklijke Philips Electronics N.V. | User control points in a network environment |
WO2006018781A1 (en) * | 2004-08-16 | 2006-02-23 | Koninklijke Philips Electronics N.V. | Method and system for setting up a secure environment in wireless universal plug and play (upnp) networks |
- 2006-06-13 WO PCT/IB2006/051880 patent/WO2006136969A1/en active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 06756124; Country of ref document: EP; Kind code of ref document: A1 |