WO2005071922A1 - Method for authentication of external apparatuses in home or wireless networks - Google Patents


Info

Publication number
WO2005071922A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
values
authentication
apparatuses
internal
Application number
PCT/IB2005/050167
Other languages
French (fr)
Inventor
Oliver Schreyer
Wolfgang Budde
Bozena Erdmann
Original Assignee
Philips Intellectual Property & Standards Gmbh
Koninklijke Philips Electronics N. V.
Priority date
2004-01-23
Filing date
2005-01-14
Application filed by Philips Intellectual Property & Standards Gmbh and Koninklijke Philips Electronics N. V.
Priority to EP05702677A (EP1712062A1)
Priority to JP2006550388A (JP2007519355A)
Publication of WO2005071922A1

Classifications

(Section H: Electricity; class H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04W: Wireless communication networks)

    • H04L 63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L 63/0492 Network security protocols for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H04W 12/06 Security arrangements; Authentication; Protecting privacy or anonymity: Authentication
    • H04W 12/50 Security arrangements: Secure pairing of devices
    • H04L 12/2803 Data switching networks characterised by path configuration, e.g. LAN or WAN: Home automation networks
    • H04L 12/2807 Home automation networks: Exchanging configuration information on appliance services in a home automation network
    • H04L 12/283 Home automation networks: Processing of data at an internetworking point of a home automation network
    • H04L 2012/2841 Home automation networks characterised by the type of medium used: Wireless
    • H04L 2012/2849 Home automation networks characterised by the type of home appliance used: Audio/video appliances
    • H04W 12/65 Context-dependent security: Environment-dependent, e.g. using captured environmental data
    • H04W 24/00 Supervisory, monitoring or testing arrangements
    • H04W 28/18 Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS: Negotiating wireless communication parameters

Abstract

The invention relates to a method of authentication, particularly in home networks (1), between a network-internal apparatus (23) and a wireless network-external apparatus (3). The authentication is based on a comparison of the values of both apparatuses, which values result from their separate measurements of at least one predefined ambient parameter. Alternatively, the authentication is realized by encrypting configuration data on the basis of values of measured, predefined ambient parameters.

Description

METHOD FOR AUTHENTICATION OF EXTERNAL APPARATUSES IN HOME OR WIRELESS NETWORKS
The invention relates to a method of authentication, particularly in home networks, between a network-internal and a network-external apparatus.

On the consumer market, ease of use is an important sales factor. It includes simple set-up procedures for consumer apparatuses such as televisions, video recorders, etc. The best home network configuration would thus be the configuration which is realized by means of automatic procedures without or with only minimal user interaction. Future consumer apparatuses (CE apparatuses) will have a wireless connection. However, the wireless transmission extends beyond home limits and may consequently also be within range of a neighbor's apparatuses. It is thus susceptible to interception and unauthorized access. The set-up of a wireless connection therefore comprises two further decisive factors: membership and security. A wireless connection can be established by means of automatic procedures, but an apparatus without any pre-configuration cannot be sure whether it is connected to the correct network or to a neighbor's network. Moreover, as long as no precautions are taken, the communication can easily be intercepted by a nearby apparatus.

To solve these problems, the apparatuses require a common database with reference to which they can determine whether they belong together, as well as joint security-relevant data such as, for example, a cryptographic key allowing them to protect their communication from interception. This joint database must be installed during the configuration process. Conventional methods equip all apparatuses with a user interface for manual entry of the database, or offer the user the available options, for example all visible wireless networks, for selection. These methods have considerable drawbacks as far as their ease of use is concerned, because the apparatuses require a corresponding user interface (display screen, keyboard, etc.) and the user operation is prone to error, particularly with inexperienced users. To realize a wireless set-up by means of a fully automatic procedure, an automatic procedure solving the membership problem is required.

US 2003/0,095,521 A1 discloses a network scheme in which access of short-range network apparatuses to WAN/Internet networks is realized via a kind of "access apparatus", such as, for example, a mobile phone ("Handy") or PDA having a link with both networks. The authentication between the "access apparatus" and the terminal of the short-range network is realized via a PIN entry. The short-range network may be managed by a third party, for example, a telecommunication provider. In this case, the apparatuses are integrated in the network by the user, the seller or the provider via a PIN pre-registration. This process is performed either via a website or directly via an "access apparatus". The PIN is preferably supplied together with the apparatus.

The known methods have in common that they require user interactions in the form of manual entries, for example, a PIN. Such interactions require corresponding user interfaces and, particularly among inexperienced users, they are prone to error and prove to be inconvenient. Moreover, access to the short-range network in the known systems is not spatially defined, so that the risk of unauthorized access or interception cannot be excluded.

It is therefore an object of the invention to provide a method of authentication, particularly in home networks, with which a fully automatic integration of wireless apparatuses without any user entry is realized and the risk of unauthorized access or interception is minimized by spatial delimitation.

This object is achieved in that the authentication between a network-internal apparatus and a wireless network-external apparatus is based on a comparison of the values of both apparatuses, which values result from their separate measurements of at least one predefined ambient parameter.

A new apparatus which is to be integrated by means of an automatic procedure in a wireless network first scans the frequency spectrum and establishes a connection with a network-internal apparatus which it has found, for example, an access point. Such a procedure is standardized, for example, in IEEE 802.11. This new apparatus must determine whether it is connected to the correct partner (and not to, for example, a neighbor's apparatus), while the network-internal apparatus must determine whether the new apparatus is authorized to be integrated in the network.

The invention proposes a solution to this problem which is based on the evaluation of the characteristics of home networks. Two apparatuses check in the following way whether they belong to the same network: one apparatus selects an ambient variable or a set of such variables (such as, for example, temperature, light, etc.) which unambiguously defines the home and, consequently, the home network, and transmits these variables to the other apparatus. Subsequently, both apparatuses perform a measurement of the corresponding ambient values and exchange the results. When the measured values correspond, both apparatuses know that they belong to one and the same network, and the configuration process, in which the network-internal apparatus sends further configuration parameters to the new apparatus, can be continued.

The object is further achieved by a method in which the required configuration data are sent from the network-internal apparatus to the wireless network-external apparatus in an encrypted manner, and in which the encryption is based on the values of measured, predefined ambient parameters.

In a further embodiment of the invention, the ambient parameters consist of acoustic and/or optical signals generated by the network-internal apparatus. Defined, time-constant and physically measurable ambient properties are generated thereby, so that deviations between the measured values of the network-external and the network-internal apparatus, caused by measurement time shifts, are excluded.

Ambient parameters which change upon each request by the network-internal apparatus are defined. It is thereby prevented that an external apparatus repeats the authentication with changing (for example, automatically generated) values until the corresponding values are detected. Alternatively or additionally, the authentication method may be supplemented with further mechanisms so that, for example, after a predefined number of authentication attempts by an external apparatus, further attempts by this apparatus are automatically denied for a given period of time.

Advantageously, the defined ambient parameters have time-dynamic values. It is thereby prevented that an external apparatus intercepts a successful authentication and retransmits the transmitted data at a later point of time so as to authenticate itself (referred to as "replay attack"). For example, the internal apparatus may itself add defined values or values generated by a random number generator to the communication, which values are transmitted back by the external apparatus in an encrypted form, together with the measured values.

Following the nature of a home network and the spatial proximity of the apparatuses connected to this network, the invention is based on the principle that the values measurable in the ambience of the network are equal for all participating apparatuses at the instant when the apparatuses are to be configured automatically. However, these values are not detectable by apparatuses outside the considered ambience, i.e. outside the home. Further embodiments of the invention are defined in the dependent claims. These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.

In the drawings:
Fig. 1 shows the arrangement of a home network;
Fig. 2 shows the flow chart of the method according to the invention, with value comparison; and
Fig. 3 shows the flow chart of the method according to the invention, with ambient value encryption.

In the example shown in Fig. 1, a home network 1 is arranged with internal apparatuses 21, 22, 23, 24, 25 to which a network-external notebook 3 requests access. After the notebook 3 has performed a scan of available wireless networks, it establishes, for a network authentication, a connection as shown in Fig. 2 with the network-internal access point 21 which is a member of the selected network 1. The access point 21 sends the ambient parameters "temperature" and "acoustic frequency" to the notebook 3. Subsequently, the access point 21 generates an acoustic signal at the frequency F_A. The network-internal access point 21 as well as the network-external notebook 3 now measure the ambient parameters "temperature" and "acoustic frequency", with the latter measurement on the part of the access point 21 being omitted because this frequency was generated by the access point 21 itself. After the notebook 3 has passed on its measured values T_N, F_N to the access point 21, the access point compares the received values with the values it determined itself. When the transmitted values T_N, F_N correspond to its own values T_A, F_A, the access point 21 sends the required configuration data to the notebook 3, which performs the corresponding configuration and subsequently connects to the network 1. When the values passed on by the notebook 3 to the access point 21 do not correspond to its own values, the notebook 3 is denied access to the network 1. In this case, the notebook 3 repeats this procedure with an apparatus of another available network.

However, this method still does not provide adequate protection from interception. The state of the art offers different methods of securing the communication between the apparatuses. To this end, the network-internal apparatus (access point 21) encrypts the connection with the network-external apparatus (notebook 3) by means of known encryption methods which are based on modern mathematical methods and provide the possibility of transmitting the required keys via the unprotected wireless interface. Such a method is, for example, the symmetrical Hellman encryption in which each apparatus exchanges half of its key, or the asymmetric private/public encryption principle in which the apparatuses exchange their public keys. The required keys are suitably exchanged before the ambient parameters are sent from the network-internal apparatus (access point 21) to the network-external apparatus (notebook 3).

In the method shown in Fig. 3, there is no comparison of the values measured by the notebook 3 with the values of the access point 21. The access point 21 directly sends the required configuration data to the notebook 3, which data are, however, encrypted on the basis of the determined values "temperature T_A" and "acoustic frequency F_A". If the ambient values T_N, F_N passed on by the notebook 3 correspond to those of the access point 21, the transmitted configuration data can be decrypted and the connection with the network 1 can subsequently be established. If, in the opposite case, the transmitted configuration data cannot be decrypted by the notebook 3, no connection can be established with the network 1.

The proposed methods represent a new paradigm for authentication of a new apparatus in an existing home network, which is based on the interaction between the apparatuses and their ambience. Security-relevant data are the measured results of some defined ambient variables which are determined separately by the new apparatus which is to be configured and by one of the apparatuses already registered in the network. The apparatus which has already been registered serves as the authenticator in this case.

Suitable ambient variables for authentication are, for example, also the acoustic signature of the space or a "fingerprint" of the instantaneous acoustic ambience (such as, for example, an operating air-conditioning apparatus or currently playing music). Alternatively, an ultrasound signal can be generated by the network-internal apparatus. Further suitable parameters are:
- modulated light signals (visible or infrared),
- air temperature,
- humidity,
- light intensity of the ambience, and
- a (possibly weighted) mixture of a plurality of parameters.

In this respect it is to be noted that the simultaneous measurements by the network-external apparatus to be configured and the network-internal apparatus counteract faults in the home network which may be caused by temporal changes of the ambience. The use of common ambient characteristics is also possible for authenticating apparatuses in power line communication networks, which are also vulnerable to interception and unauthorized access because of their internal connections. Furthermore, the use of these characteristics is also suitable for arranging a home network between two apparatuses. In this case, one apparatus is to be assigned the role of the "network-internal" apparatus and the other the role of the "network-external" apparatus. Guest access is also possible. Moreover, the proposed method is also applicable in ad hoc networks which are formed, for example, between arbitrary apparatuses without any access to infrastructure and without pre-exchanged keys. In any case, it should be ensured that unauthorized apparatuses that are present in the same ambience cannot perform the ambient parameter procedure for authentication.
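The two flows of the description, as an added Python illustration that is not code from the patent or its assignee: an access point that announces the parameters, emits a tone that changes on every request, compares the notebook's quantised readings and denies further attempts after repeated mismatches (Fig. 2), and configuration data wrapped under a key derived from the ambient values (Fig. 3). The quantisation steps, the sensor offsets, the per-request nonce, the SHA-256 keystream and the constructed configuration string are assumptions; the radio-level key exchange the description mentions is assumed to be in place.

```python
"""Ambient-parameter pairing modelled on the two flows in the description:
value comparison (Fig. 2) and ambient-value encryption (Fig. 3).
Added illustration; readings, grid steps and the demo cipher are assumptions."""
import hashlib
import hmac
import os
import secrets

TEMP_STEP = 0.5   # degrees C; assumed grid so two sensors agree after rounding
FREQ_STEP = 10.0  # Hz; emitted tones are chosen on this grid
CONFIG_DATA = b"ssid=home-net-1;psk=constructed-example-value"  # constructed


def quantize(temp_c, freq_hz):
    """Two sensors never agree bit-for-bit, so both sides round to a grid."""
    return (round(temp_c / TEMP_STEP), round(freq_hz / FREQ_STEP))


def notebook_measure(room_temp_c, heard_tone_hz, temp_err=0.1, freq_err=1.0):
    """Constructed sensor model of the network-external notebook: thermometer
    and microphone read the true ambient values with small offsets."""
    return (room_temp_c + temp_err, heard_tone_hz + freq_err)


class AccessPoint:
    """Network-internal authenticator (Fig. 2): announces the parameters, emits
    a tone that changes on every request, compares the notebook's values and
    denies a notebook further attempts after repeated mismatches."""
    MAX_ATTEMPTS = 3

    def __init__(self, own_temp_c):
        self.own_temp_c = own_temp_c  # T_A, read from its own sensor
        self.playing_hz = None        # F_A, the tone currently in the air
        self.sessions = {}            # notebook id -> (tone_hz, nonce)
        self.failures = {}            # notebook id -> consecutive failures

    def challenge(self, notebook_id):
        """Radio message: parameter names plus a fresh nonce. The tone is only
        emitted acoustically; its frequency is never sent as a number."""
        if self.failures.get(notebook_id, 0) >= self.MAX_ATTEMPTS:
            return None               # temporarily denied (lockout)
        tone_hz = 1000.0 + FREQ_STEP * secrets.randbelow(400)
        nonce = os.urandom(16)
        self.playing_hz = tone_hz
        self.sessions[notebook_id] = (tone_hz, nonce)
        return {"params": ("temperature", "acoustic_frequency"), "nonce": nonce}

    def verify(self, notebook_id, nonce, temp_n, freq_n):
        """Compare (T_N, F_N) with (T_A, F_A). The AP does not measure the tone
        it generated itself; it uses the frequency it chose for this request."""
        session = self.sessions.pop(notebook_id, None)
        if session is None or not hmac.compare_digest(session[1], nonce):
            return None               # no open request, or a replayed nonce
        if quantize(temp_n, freq_n) == quantize(self.own_temp_c, session[0]):
            self.failures.pop(notebook_id, None)
            return CONFIG_DATA        # values match: hand over configuration
        self.failures[notebook_id] = self.failures.get(notebook_id, 0) + 1
        return None


def _ambient_key(temp_c, freq_hz, nonce):
    """Fig. 3 key: derived only from the quantised ambient values and a nonce
    (the nonce is an assumption here; it makes a captured exchange useless later)."""
    material = repr(quantize(temp_c, freq_hz)).encode() + nonce
    return hashlib.sha256(b"ambient-config-key-v0" + material).digest()


def _keystream(key, length):
    """Demo keystream (SHA-256 in counter mode); a product would use an AEAD."""
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range((length + 31) // 32))


def wrap_config(config, temp_a, freq_a, nonce):
    """Access point side of Fig. 3: encrypt-then-MAC under the ambient key."""
    key = _ambient_key(temp_a, freq_a, nonce)
    ct = bytes(c ^ k for c, k in zip(config, _keystream(key, len(config))))
    return ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unwrap_config(ct, tag, temp_n, freq_n, nonce):
    """Notebook side of Fig. 3: returns the configuration, or None when its own
    measurements do not reproduce the key (wrong home, or tone not heard)."""
    key = _ambient_key(temp_n, freq_n, nonce)
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


if __name__ == "__main__":
    ap = AccessPoint(own_temp_c=21.0)
    msg = ap.challenge("notebook-3")
    t_n, f_n = notebook_measure(21.0, ap.playing_hz)   # same room, hears tone
    print("Fig. 2 same home:", ap.verify("notebook-3", msg["nonce"], t_n, f_n) == CONFIG_DATA)
    nonce = os.urandom(16)
    ct, tag = wrap_config(CONFIG_DATA, 21.0, ap.playing_hz, nonce)
    print("Fig. 3 same home:", unwrap_config(ct, tag, t_n, f_n, nonce) == CONFIG_DATA)
    print("Fig. 3 next door:", unwrap_config(ct, tag, 19.0, 0.0, nonce))
```

The derived key has only as much entropy as the quantised readings (a few hundred tone frequencies times a handful of plausible temperatures), which is why the per-request parameter change and the lockout described above carry most of the protection against an out-of-range guesser.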
LIST OF REFERENCE NUMERALS:
1 network
2 network-internal apparatus
3 network-external apparatus
21 to 25 network-internal apparatuses

Claims

CLAIMS:
1. A method of authentication, particularly in home networks, between a network-internal apparatus (21 to 25) and a wireless network-external apparatus (3), wherein the authentication is based on a comparison of the values of both apparatuses, which values result from their separate measurements of at least one predefined ambient parameter.
2. A method of authentication, particularly in home networks, between a network-internal apparatus (21 to 25) and a wireless network-external apparatus (3), wherein the required configuration data are sent from the network-internal apparatus (21 to 25) to the wireless network-external apparatus (3) in an encrypted manner and wherein the encryption is based on the values of measured, predefined ambient parameters.
3. A method as claimed in claim 1, characterized in that the measured values are exchanged between the network-internal apparatus (21 to 25) and the network-external apparatus (3) in an encrypted manner by means of pre-exchanged "public keys".
4. A method as claimed in any one of claims 1 to 3, characterized in that the ambient parameters consist of acoustic and/or optical signals generated by the network-internal apparatus (21 to 25).
5. A method as claimed in any one of claims 1 to 4, characterized in that ambient parameters which change upon each request by the network-internal apparatus (21 to 25) are defined.
6. A method as claimed in any one of claims 1 to 5, characterized in that the defined ambient parameters have time-dynamic values.
7. A method as claimed in any one of claims 1 to 6, characterized in that the network-internal apparatus (21 to 25) is an access point.
PCT/IB2005/050167 2004-01-23 2005-01-14 Method for authentication of external apparatuses in home or wireless networks WO2005071922A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP05702677A EP1712062A1 (en) 2004-01-23 2005-01-14 Method for authentication of external apparatuses in home or wireless networks
JP2006550388A JP2007519355A (en) 2004-01-23 2005-01-14 Authentication method of external device in home network or wireless network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04100230 2004-01-23
EP04100230.4 2004-01-23

Publications (1)

Publication Number Publication Date
WO2005071922A1 true WO2005071922A1 (en) 2005-08-04

Family

ID=34802678

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/050167 WO2005071922A1 (en) 2004-01-23 2005-01-14 Method for authentication of external apparatuses in home or wireless networks

Country Status (5)

Country Link
EP (1) EP1712062A1 (en)
JP (1) JP2007519355A (en)
KR (1) KR20060132876A (en)
CN (1) CN1910884A (en)
WO (1) WO2005071922A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016173977A1 (en) * 2015-04-30 2016-11-03 Deutsche Telekom Ag Actuating home automation functions
WO2018022217A1 (en) * 2016-07-25 2018-02-01 Qualcomm Incorporated Proximity sensing using spectral analysis
US11310667B2 (en) 2016-12-30 2022-04-19 Avl List Gmbh Communication by a network node in a data network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4781135B2 (en) * 2006-03-15 2011-09-28 富士通株式会社 Authentication method and authentication system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5719950A (en) * 1994-03-24 1998-02-17 Minnesota Mining And Manufacturing Company Biometric, personal authentication system
WO2003054654A2 (en) * 2001-12-21 2003-07-03 Nokia Corporation Location-based novelty index value and recommendation system and method
WO2003075125A2 (en) * 2002-03-01 2003-09-12 Enterasys Networks, Inc. Location aware data network
US20030182555A1 (en) * 2000-08-27 2003-09-25 Labaton Issac J Methods and device for digitally signing data
EP1372298A1 (en) * 2002-06-14 2003-12-17 TeliaSonera Finland Oyj Method of transferring user data of a data transmission device of a wireless local area network, and wireless local area network system

Also Published As

Publication number Publication date
CN1910884A (en) 2007-02-07
JP2007519355A (en) 2007-07-12
KR20060132876A (en) 2006-12-22
EP1712062A1 (en) 2006-10-18

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005702677

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 200580002888.1

Country of ref document: CN

Ref document number: 2006550388

Country of ref document: JP

Ref document number: 1020067014748

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005702677

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067014748

Country of ref document: KR

WWW Wipo information: withdrawn in national office

Ref document number: 2005702677

Country of ref document: EP