WO2005071922A1 - Method for authentication of external apparatuses in home or wireless networks - Google Patents
- Publication number
- WO2005071922A1 (application PCT/IB2005/050167)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- values
- authentication
- apparatuses
- internal
- Prior art date
Classifications
- H04L63/08 — Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0492 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, by using a location-limited connection, e.g. near-field communication or limited proximity of entities
- H04W12/06 — Security arrangements; Authentication; Protecting privacy or anonymity: Authentication
- H04W12/50 — Security arrangements; Authentication; Protecting privacy or anonymity: Secure pairing of devices
- H04L12/2803 — Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]: Home automation networks
- H04L12/2807 — Exchanging configuration information on appliance services in a home automation network
- H04L12/283 — Processing of data at an internetworking point of a home automation network
- H04L2012/2841 — Home automation networks characterised by the type of medium used: Wireless
- H04L2012/2849 — Home automation networks characterised by the type of home appliance used: Audio/video appliances
- H04W12/65 — Context-dependent security: Environment-dependent, e.g. using captured environmental data
- H04W24/00 — Wireless communication networks: Supervisory, monitoring or testing arrangements
- H04W28/18 — Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]: Negotiating wireless communication parameters
Definitions
- the invention relates to a method of authentication, particularly in home networks, between a network-internal and a network-external apparatus.
- ease of use is an important sales factor. It includes simple set-up procedures for consumer apparatuses such as televisions, video recorders, etc.
- the best home network configuration would thus be the configuration which is realized by means of automatic procedures without or with only minimal user interaction.
- future consumer electronics (CE) apparatuses will have a wireless connection.
- the wireless transmission extends beyond home limits and may consequently also be within range of a neighbor's apparatuses. It is thus susceptible to interception and unauthorized access.
- the set-up of a wireless connection therefore comprises two further decisive factors: membership and security.
- a wireless connection can be established by means of automatic procedures, but an apparatus without any pre-configuration may not be sure that it is connected to the correct network or to a neighbor's network. Moreover, as far as no precautions are taken, the communication can easily be intercepted by a proximate apparatus.
- the apparatuses require a common database with reference to which they can determine whether they belong together, as well as joint security-relevant data such as, for example, a cryptographic key allowing them to protect their communication from interception.
- This joint database must be installed during the configuration process.
- Conventional methods equip all apparatuses with a user interface for manual entry of the database or offer the user available options, for example, all visible wireless networks, for selection. These methods have considerable drawbacks as far as their ease of use is concerned, because the apparatuses require a corresponding user interface (display screen, keyboard, etc.) and the user operation is prone to error, particularly with inexperienced users.
- an automatic procedure solving the membership problem is required.
- US 2003/0,095,521 A1 discloses a network scheme in which access of short-range network apparatuses to WAN/Internet networks is realized via a kind of "access apparatus" such as, for example, a mobile phone or PDA having a link with both networks.
- the authentication between the "access apparatus" and the terminal of the short-range network is realized via a PIN entry.
- the short-range network may be managed by a third party, for example, a telecommunication provider.
- the apparatuses are integrated in the network by the user, the seller or the provider via a PIN pre-registration. This process is performed either via a website or directly via an "access apparatus".
- the PIN is preferably supplied together with the apparatus.
- the known methods have in common that they require user interactions in the form of manual entries, for example, a PIN. Such interactions require corresponding user interfaces and, particularly among inexperienced users, they are prone to error and prove to be inconvenient, particularly for this user group. Moreover, access to the short-range network in the known systems is not spatially defined so that the risk of unauthorized access or interception cannot be excluded.
- This object is achieved in that the authentication between a network-internal apparatus and a wireless network-external apparatus is based on a comparison of the values of both apparatuses, which values result from their separate measurements of at least one predefined ambient parameter.
- a new apparatus which is to be integrated by means of an automatic procedure in a wireless network first scans the frequency spectrum and establishes a connection with a network-internal apparatus which it has found, for example, an access point. Such a procedure is standardized, for example, in IEEE 802.11.
- This new apparatus must determine whether it is connected to the correct partner (and not to, for example, a neighbor's apparatus), while the network-internal apparatus must determine whether the new apparatus is authorized to be integrated in the network.
- the invention proposes a solution to this problem which is based on the evaluation of the characteristics of home networks. Two apparatuses check in the following way whether they belong to the same network: one apparatus selects an ambient variable or a set of such variables (such as, for example, temperature, light, etc.) which unambiguously defines the home and, consequently, the home network and transmits these variables to the other apparatus. Subsequently, both apparatuses perform a measurement of the corresponding ambient values and exchange the results.
- both apparatuses know that they belong to one and the same network, and the configuration process, in which the network-internal apparatus sends further configuration parameters to the new apparatus, can be continued.
- the object is further achieved by a method, in which the required configuration data are sent from the network-internal apparatus to the wireless network- external apparatus in an encrypted manner and in which the encryption is based on the values of measured, predefined ambient parameters.
- the ambient parameters consist of acoustic and/or optical signals generated by the network-internal apparatus. Defined, time-constant and physically measurable ambient properties are generated thereby, so that deviations between the measured values of the network-external and the network-internal apparatus, caused by measurement time shifts, are excluded.
- Ambient parameters which change upon each request by the network-internal apparatus are defined. It is thereby prevented that an external apparatus repeats the authentication with changing (for example, automatically generated) values until the corresponding values are detected. Alternatively or additionally, the authentication method may be supplemented with further mechanisms so that, for example, after a predefined number of authentication attempts by an external apparatus, further attempts by this apparatus are automatically denied for a given period of time.
- the defined ambient parameters have time-dynamic values. It is thereby prevented that an external apparatus intercepts a successful authentication and retransmits the transmitted data at a later point of time so as to authenticate itself (referred to as "replay attack").
- the internal apparatus may itself add defined values or values generated by a random number generator to the communication, which values are transmitted back by the external apparatus in an encrypted form, together with the measured values.
- the invention is based on the principle that the values measurable in the ambience of the network are equal for all participating apparatuses at the instant when the apparatuses are to be configured automatically. However, these values are not detectable by apparatuses outside the considered ambience, i.e. outside the home. Further embodiments of the invention are defined in the dependent claims.
- Fig. 1 shows the arrangement of a home network
- Fig. 2 shows the flow chart of the method according to the invention, with value comparison
- Fig. 3 shows the flow chart of the method according to the invention, with ambient value encryption.
- a home network 1 is arranged with internal apparatuses 21, 22, 23, 24, 25 to which a network-external notebook 3 requests access.
- after the notebook 3 has performed a scan of available wireless networks, it establishes, for network authentication, a connection as shown in Fig. 2 with the network-internal access point 21, which is a member of the selected network 1.
- the access point 21 sends the ambient parameters "temperature" and "acoustic frequency" to the notebook 3. Subsequently, the access point 21 generates an acoustic signal at the frequency F_A.
- the network-internal access point 21 as well as the network-external notebook 3 now measures the ambient parameters "temperature" and "acoustic frequency", with the latter measurement on the part of the access point 21 being canceled because this frequency was generated by the access point 21 itself.
- after the notebook 3 has passed on its measured values T_N, F_N to the access point 21, the access point 21 compares the obtained values with its self-determined values.
- the access point 21 sends the required configuration data to the notebook 3 which performs the corresponding configuration and subsequently connects it to the network 1.
- the notebook 3 is denied access to the network 1.
- the notebook 3 repeats this procedure with an apparatus of another available network.
- this method still does not provide adequate protection from interception.
- the state of the art offers different methods of securing the communication between the apparatuses (the network-internal apparatus, access point 21, and the network-external apparatus, notebook 3).
- Such a method is, for example, the symmetrical Hellman encryption in which each apparatus exchanges half of its key, or the asymmetric private/public encryption principle in which the apparatuses exchange their public keys.
- the required keys are suitably exchanged before sending the ambient parameters from the network-internal apparatus (access point 21) to the network-external apparatus (notebook 3).
- the access point 21 directly sends the required configuration data to the notebook 3, which data are, however, encrypted on the basis of the determined values "temperature T_A" and "acoustic frequency F_A". If the ambient values T_N, F_N passed on by notebook 3 correspond to those of the access point 21, the transmitted configuration data can be decrypted and the connection with the network 1 can subsequently be established. If, in the opposite case, the transmitted configuration data cannot be decrypted by the notebook 3, no connection can be established with the network 1.
- the proposed methods represent a new paradigm for authentication of a new apparatus in an existing home network, which is based on the interaction between the apparatuses and their ambience.
- Security-relevant data are the measured results of some defined ambient variables which are determined separately by the new apparatus which is to be configured, and one of the apparatuses already registered in the network.
- the apparatus which has already been registered serves as the authenticator in this case.
- Suitable ambient variables for authentication are, for example, also the acoustic signature of the space or a "fingerprint" of the instantaneous acoustic ambience (such as, for example, an operating air-conditioning apparatus or currently playing music).
- further suitable ambient variables are:
  - an ultrasound signal generated by the network-internal apparatus
  - modulated light signals (visible or infrared)
  - air temperature
  - humidity
  - light intensity of the ambience
  - a (possibly weighted) mixture of a plurality of parameters
- the simultaneous measurements by the network-external apparatus to be configured and the network-internal apparatus counteracts faults in the home network, which may be caused by temporal changes of the ambience.
- the use of common ambient characteristics is also possible for authenticating apparatuses in power line communication networks which are also vulnerable to interception and unauthorized access because of their internal connections.
- the use of these characteristics is also suitable for arranging a home network between two apparatuses.
- one apparatus is to be assigned the role of the "network-internal" apparatus and the other the role of the "network-external" apparatus. Guest access is also possible.
- the proposed method is also applicable in ad hoc networks which are formed, for example, between arbitrary apparatuses without any access to infrastructure and without pre-exchanged keys. In any case, it should be ensured that unauthorized apparatuses that are present in the same ambience cannot perform the ambient parameter procedure for authentication.
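Both variants of the procedure described above (the value comparison of Fig. 2 and the ambient-value encryption of Fig. 3), together with the fresh-per-request values and the attempt limit the description mentions, as an added Python simulation that is not part of the patent: the Room and Notebook classes, the tolerance and quantization steps, the per-peer lockout and the hash-based sealing are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed simulation (not the patent's code): Room stands in for the physical
# ambience; names, tolerances and the hash-based sealing are assumptions.
TEMP_TOL = 0.5    # degrees C: allowed difference between the two readings (Fig. 2)
TEMP_STEP = 0.5   # quantization steps used for key derivation (Fig. 3)
FREQ_STEP = 10.0  # Hz

class Room:
    def __init__(self, temperature):
        self.temperature = temperature
        self.tone_hz = 0.0  # acoustic signal currently generated in this room

class Notebook:
    def __init__(self, room):
        self.room = room
    def measure(self):  # simulated sensors with a little noise; only this room is visible
        return self.room.temperature + 0.1, self.room.tone_hz + 2.0

def quantize(value, step):
    # Caveat: readings straddling a step boundary quantize differently; a deployed
    # scheme needs error-tolerant key agreement (e.g. a fuzzy extractor) here.
    return int(round(value / step))

def derive_key(temp, freq, nonce):
    # Key = quantized ambient values + the access point's fresh nonce, so a recorded
    # exchange cannot be replayed in a later session (time-dynamic values).
    data = f"{quantize(temp, TEMP_STEP)}|{quantize(freq, FREQ_STEP)}".encode() + nonce
    return hashlib.sha256(data).digest()

def seal(key, plaintext):
    # Encrypt-then-MAC with a hash-derived keystream (stdlib only; use AES-GCM in practice)
    stream = hashlib.sha256(key + b"stream").digest()
    ct = bytes(p ^ stream[i % 32] for i, p in enumerate(plaintext))
    return ct + hmac.new(key, ct, "sha256").digest()

def open_sealed(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None  # wrong ambient values -> wrong key -> configuration stays unreadable
    stream = hashlib.sha256(key + b"stream").digest()
    return bytes(c ^ stream[i % 32] for i, c in enumerate(ct))

class AccessPoint:
    def __init__(self, room, config_data, max_attempts=3, lockout_s=60.0):
        self.room, self.config_data = room, config_data
        self.max_attempts, self.lockout_s = max_attempts, lockout_s
        self.failures = {}  # peer id -> (failed attempts, locked-until time)

    def start(self, peer, now):
        # Announce which parameters to measure and start emitting a fresh tone
        if now < self.failures.get(peer, (0, 0.0))[1]:
            return None  # attempt limit reached: this peer is denied for lockout_s seconds
        self.nonce = secrets.token_bytes(16)
        self.room.tone_hz = 400.0 + 10.0 * secrets.randbelow(100)  # new tone each request
        self.own_temp = self.room.temperature
        return {"params": ["temperature", "acoustic_frequency"], "nonce": self.nonce}

    def _note_failure(self, peer, now):
        count = self.failures.get(peer, (0, 0.0))[0] + 1
        locked = count >= self.max_attempts
        self.failures[peer] = (0, now + self.lockout_s) if locked else (count, 0.0)

    def verify(self, peer, reported_temp, reported_freq, now):
        # Fig. 2 variant: compare the peer's readings with the access point's own
        ok = (abs(reported_temp - self.own_temp) <= TEMP_TOL
              and abs(reported_freq - self.room.tone_hz) <= FREQ_STEP / 2)
        self.room.tone_hz = 0.0  # the tone is switched off once the session ends
        if not ok:
            self._note_failure(peer, now)
        return self.config_data if ok else None

    def sealed_config(self):
        # Fig. 3 variant: configuration encrypted under the access point's own values
        key = derive_key(self.own_temp, self.room.tone_hz, self.nonce)
        self.room.tone_hz = 0.0
        return seal(key, self.config_data)
```

A notebook placed in a neighbouring Room never observes the tone, so it fails the comparison and cannot derive the decryption key, while a recorded session fails on the changed nonce.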
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05702677A EP1712062A1 (en) | 2004-01-23 | 2005-01-14 | Method for authentication of external apparatuses in home or wireless networks |
JP2006550388A JP2007519355A (en) | 2004-01-23 | 2005-01-14 | Authentication method of external device in home network or wireless network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04100230 | 2004-01-23 | ||
EP04100230.4 | 2004-01-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005071922A1 (en) | 2005-08-04 |
Family
ID=34802678
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2005/050167 (WO2005071922A1, en) | Method for authentication of external apparatuses in home or wireless networks | 2004-01-23 | 2005-01-14 |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1712062A1 (en) |
JP (1) | JP2007519355A (en) |
KR (1) | KR20060132876A (en) |
CN (1) | CN1910884A (en) |
WO (1) | WO2005071922A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016173977A1 (en) * | 2015-04-30 | 2016-11-03 | Deutsche Telekom Ag | Actuating home automation functions |
WO2018022217A1 (en) * | 2016-07-25 | 2018-02-01 | Qualcomm Incorporated | Proximity sensing using spectral analysis |
US11310667B2 (en) | 2016-12-30 | 2022-04-19 | Avl List Gmbh | Communication by a network node in a data network |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4781135B2 (en) * | 2006-03-15 | 2011-09-28 | 富士通株式会社 | Authentication method and authentication system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5719950A (en) * | 1994-03-24 | 1998-02-17 | Minnesota Mining And Manufacturing Company | Biometric, personal authentication system |
WO2003054654A2 (en) * | 2001-12-21 | 2003-07-03 | Nokia Corporation | Location-based novelty index value and recommendation system and method |
WO2003075125A2 (en) * | 2002-03-01 | 2003-09-12 | Enterasys Networks, Inc. | Location aware data network |
US20030182555A1 (en) * | 2000-08-27 | 2003-09-25 | Labaton Issac J | Methods and device for digitally signing data |
EP1372298A1 (en) * | 2002-06-14 | 2003-12-17 | TeliaSonera Finland Oyj | Method of transferring user data of a data transmission device of a wireless local area network, and wireless local area network system |
2005
- 2005-01-14 JP JP2006550388A patent/JP2007519355A/en active Pending
- 2005-01-14 KR KR1020067014748A patent/KR20060132876A/en not_active Application Discontinuation
- 2005-01-14 EP EP05702677A patent/EP1712062A1/en not_active Withdrawn
- 2005-01-14 WO PCT/IB2005/050167 patent/WO2005071922A1/en not_active Application Discontinuation
- 2005-01-14 CN CNA2005800028881A patent/CN1910884A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CN1910884A (en) | 2007-02-07 |
JP2007519355A (en) | 2007-07-12 |
KR20060132876A (en) | 2006-12-22 |
EP1712062A1 (en) | 2006-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7860485B2 (en) | | Device and process for wireless local area network association and corresponding products |
CN103596173B (en) | | Wireless network authentication method, client and service end wireless network authentication device |
US7603557B2 (en) | | Communication device, communication system and authentication method |
EP1589695B1 (en) | | A method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely |
US7941122B2 (en) | | Device and process for wireless local area network association |
JP4613969B2 (en) | | Communication apparatus and communication method |
CN101217805B (en) | | A wireless LAN access control method |
CN105828332B (en) | | Improved method of wireless local area network authentication mechanism |
US20060161774A1 (en) | | Authentication method and system between device with small computational resources and device using public key |
US8819415B2 (en) | | Method and device for authenticating personal network entity |
GB2418819A (en) | | System which transmits security settings in authentication response message |
JP2009212732A5 (en) | | |
US20210250177A1 (en) | | System and method for blockchain-based multi-factor security authentication between mobile terminal and IoT device |
KR20070074397A (en) | | Ownership sharing method and apparatus using secret key in home network remote-controller |
US20230328524A1 (en) | | Non-3GPP device access to core network |
WO2005071922A1 (en) | | Method for authentication of external apparatuses in home or wireless networks |
US20210392120A1 (en) | | Secure device coupling |
CN110876142A (en) | | Identification-based wifi authentication method |
Janesko | | Bluetooth low energy security analysis framework |
US20230239145A1 (en) | | Method and device for managing a pairing request of a first device with a second device |
US20190166495A1 (en) | | Device authentication |
KR100924315B1 (en) | | Authentication system of wireless LAN with enhanced security and authentication method thereof |
WO2020239179A1 (en) | | Distributed access control |
CN117082501A (en) | | Mobile terminal data encryption method |
EP1615387A1 (en) | | Device and process for wireless local area network association |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
WWE | Wipo information: entry into national phase | Ref document number: 2005702677. Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 200580002888.1 (CN); 2006550388 (JP); 1020067014748 (KR) |
WWP | Wipo information: published in national office | Ref document number: 2005702677. Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 1020067014748. Country of ref document: KR |
WWW | Wipo information: withdrawn in national office | Ref document number: 2005702677. Country of ref document: EP |