WO2007043015A2 - Improved proximity detection method - Google Patents

Improved proximity detection method Download PDF

Info

Publication number
WO2007043015A2
WO2007043015A2 PCT/IB2006/053732 IB2006053732W WO2007043015A2 WO 2007043015 A2 WO2007043015 A2 WO 2007043015A2 IB 2006053732 W IB2006053732 W IB 2006053732W WO 2007043015 A2 WO2007043015 A2 WO 2007043015A2
Authority
WO
WIPO (PCT)
Prior art keywords
protected
query
response
computed
cpu
Prior art date
Application number
PCT/IB2006/053732
Other languages
French (fr)
Other versions
WO2007043015A3 (en
Inventor
Michael Epstein
Marc Vauclair
Ventzislav Nikov
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Publication of WO2007043015A2 publication Critical patent/WO2007043015A2/en
Publication of WO2007043015A3 publication Critical patent/WO2007043015A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Abstract

The invention relates to a method of determining a distance between a first device (200) and a second device (220). In a precomputing phase, both devices (200, 220) compute for a query at a protected query Ma1 and for a response bt a protected response Mb1. In an interactive phase, the first device (200) sends the protected query Ma1 to the second device (220). The second device (220) compares the received protected query Ma1 against the computed protected query Ma1 and sends the protected response Mb1 to the first device (200). The first device (200), compares the received protected response mbt against the computed protected response mbj. The distance is determined based on a measurement of time elapsed between sending the protected query Ma1 to the second device (220) and receiving the protected response Mb1 from the second device (220).

Description

Improved proximity detection method
In recent years, the number of content protection systems available has been growing rapidly. Some of these systems only protect the content against unauthorized copying, while others restrict the user's ability to access the content. These systems are often referred to as Digital Rights Management (DRM) systems. Consumers want to enjoy content without hassle and with as few limitations as possible. They want to network their devices to enable all types of different applications and easily access any type of content. They also want to be able to share/transfer content in their home environment without limitations.
One way of protecting content in the form of digital data is to ensure that content will only be transferred from a transmitting device (source device, e.g. a digital video recorder, DVR) to a receiving device (sink device, e.g. a television display device) if the receiving device has been authenticated as being a compliant device and if the user of the content has the right to transfer (move, copy) that content to another device. If transfer of content is allowed, this will typically be performed in an encrypted way to make sure that the content cannot be captured in an unprotected, high-quality digital format.
Technology to perform device authentication and encrypted content transfer is available and is called a secure authenticated channel (SAC). In many cases, a SAC is set up using an Authentication and Key Exchange (AKE) protocol that is based on public key cryptography. Standards such as International Standard ISO/IEC 11770-3 and ISO/IEC 9796- 2, and public key algorithms such as RSA and hash algorithms like SHA-I are often used.
To set up a SAC, each device typically contains a unique encryption key that is used in a challenge/response protocol with another device to calculate a temporary, mutually shared key. The two devices subsequently use this shared key to protect the exchanged content and usage rights information. A remaining issue is that a SAC may be set up between devices that are, physically or network- wise, far away from each other. To limit this possibility, various proposals have been made for some form of distance measurement that is to be performed when the SAC is set up. If the source and sink devices are too far away from each other, the SAC should not be set up or content exchange should be refused or limited. Typically such distance measurement involves a challenge-response protocol where the time between sending the challenge and receiving the response is measured and used to estimate the distance between source and sink devices. Distance measurement can be combined with the authentication protocol of the SAC setup, as is taught for example in international patent application WO 2004/014037 (attorney docket PHNL020681).
A problem with distance measurement protocols, especially those that combine distance measurement with authentication, is that the time between sending the challenge and receiving the response also includes the time needed by the remote party (typically the sink device) to compute the response. This may introduce inaccuracies in the determined distance. For instance, a personal computer with a fast processor can compute a response very quickly, even when (complex and hence slow) public key cryptography operations are used. A small portable device such as a PDA will take a much longer time to perform the same computations. It is now hard to tell the difference between such a fast PC that is far away and such a slow portable device that is closer.
It is an object of the present invention to provide a method of determining a distance between a first device and a second device which improves upon the above methods. This object is achieved according to the invention in a method comprising, in a precomputing phase, at both devices (200, 220), computing for a query α, a protected query Ma1 and for a response bi a protected response Wb1, and in an interactive phase,
- at the first device (200), sending the protected query Ma1 to the second device (220),
- at the second device (220), comparing the received protected query Ma1 against the computed protected query Ma1, - at the second device (220), sending the protected response mbj to the first device (200), at the first device (200), comparing the received protected response mbj against the computed protected response mbj, and determining the distance based on a measurement of time elapsed between sending the protected query Ma1 to the second device (220) and receiving the protected response Mb1 from the second device (220).
In this method, the protocol interactions are minimized. The only complex operations are during the precomputing phase. If, as is preferred, only symmetric cryptographic functions are used to derive the protected queries and responses, the protocol is also very suitable for slow devices such as the above-mentioned PDAs. Moreover the present invention is suitable for use in any connection between two devices where there is a need to determine the physical proximity of the connected devices. There is a clear separation from any other protocol, such as the establishment of a secure authenticated channel. The most important feature of the present invention is that the time difference that is measured at the end of the interactive phase relates only to the travel time of the protected query and response between the devices and not to the processing power of the devices. This is due to the precomputation phase which is executed before the interactive phase. Any time spent on computing the protected versions of queries and responses is not counted in the time between sending the protected query and receiving the protected response, because these computations occurred before the interactive phease.
International patent application WO 2003/079638 (attorney docket
PHUS020086) mentions that the time between query and reply comprises both the time for communicating the query and its reply and the time needed for computing the reply. The document further suggests to subtract the processing time from the measured time between sending the query and receiving the reply. However, this requires that the processing time is known with a sufficient degree of accuracy.
International patent applications WO 2004/030311 (attorney docket PHUS010314) and WO 2004/030312 (attorney docket PHUS020358) also deal with estimating the distance between two devices by measuring the time between sending a query and receiving a reply. Both assume that the processing time for computing the reply is negligible compared to the time needed for the query and reply to travel over the network. Both hence conclude that a device is "far away" if the time between sending a query and receiving a reply exceeds a certain threshold. As argued above, these applications thus would wrongly conclude a very slow device is far away because its long processing time is taken for a large network travel time.
Preferably the queries and responses are computed by applying a cryptographic hash function to a given seed R. This is an easy and fast way to compute these queries and response. Furthermore, if the parties engage in the setting up of a secure authenticated channel, the SAC setup protocol may produce as one of its outputs a number that may serve as the seed R. This number will be hard to predict for an outside attacker. This embodiment thus improves security of the system.
Preferably the protected version Ma1 of a query α, and the protected version mbj of a response bl are computed using a Message Authentication Code (MAC) function. Optionally the protected query Ma1 and the protected response mbj are sent accompanied by the number i. This ensures that the recipient knows which computed query and response to compare against the received query and response, respectively. As a result it is more likely that the parties will remain synchronized throughout the protocol.
Other advantageous embodiments are set out in the dependent claims. The invention further provides a system that operates according to the invention, and a first device and a second device for use in this system.
The invention will now be discussed in more detail with reference to the figures, in which:
Fig. 1 schematically shows a system comprising devices interconnected via a network;
Fig. 2 schematically illustrates a source device and a sink device; and Fig. 3 shows an embodiment of the inventive proximity detection protocol.
Throughout the figures, same reference numerals indicate similar or corresponding features. Some of the features indicated in the drawings are typically implemented in software, and as such represent software entities, such as software modules or objects.
Fig. 1 schematically shows a system 100 comprising devices 101-105 interconnected via a network 110. A typical digital home network includes a number of devices, e.g. a radio receiver, a tuner/decoder, a CD player, a pair of speakers, a television, a VCR, a digital recorder, a mobile phone, a tape deck, a personal computer, a personal digital assistant, a portable display unit, a car entertainment system, and so on. These devices are usually interconnected to allow one device, e.g. the television, to control another, e.g. the VCR. One device, such as e.g. the tuner/decoder or a set top box (STB), is usually the central device, providing central control over the others. Content, which typically comprises things like music, songs, movies, animations, speeches, videoclips for music, TV programs, pictures, games, ringtones, spoken books and the like, but which also may include interactive services, is received through a residential gateway or set top box 101. Content could also enter the home via other sources, such as storage media like discs or using portable devices. The source could be a connection to a broadband cable network, an Internet connection, a satellite downlink and so on. The content can then be transferred over the network 110 to a sink for rendering. A sink can be, for instance, the television display 102, the portable display device 103, the mobile phone 104 and/or the audio playback device 105. The exact way in which a content item is rendered depends on the type of device and the type of content. For instance, in a radio receiver, rendering comprises generating audio signals and feeding them to loudspeakers. For a television receiver, rendering generally comprises generating audio and video signals and feeding those to a display screen and loudspeakers. For other types of content a similar appropriate action must be taken. Rendering may also include operations such as decrypting or descrambling a received signal, synchronizing audio and video signals and so on.
The set top box 101, or any other device in the system 100, may comprise a storage medium Sl such as a suitably large hard disk, allowing the recording and later playback of received content. The storage medium Sl could be a Personal Digital Recorder (PDR) of some kind, for example a DVD+RW recorder, to which the set top box 101 is connected. Content can also enter the system 100 stored on a carrier 120 such as a Compact Disc (CD) or Digital Versatile Disc (DVD).
The portable display device 103 and the mobile phone 104 are connected wirelessly to the network 110 using a base station 111, for example using Bluetooth or IEEE 802.1 Ib. The other devices are connected using a conventional wired connection. To allow the devices 101-105 to interact, several interoperability standards are available, which allow different devices to exchange messages and information and to control each other. One well- known standard is the Universal Plug and Play (http://www.upnp.org) standard.
It is important to ensure that the devices 101-105 in the home network do not allow the creation of unauthorized copies of the content. Hence the devices 101-105 are provided with a data protection system for a digital display interface. This data protection system ensures that only authorized and protected content transfers can occur from a first device, hereafter referred to as source device or just source, to a second device, hereafter referred to as sink device or just sink. Fig. 2 schematically illustrates a source device 200 and sink device 220. Both devices comprise a digital interface IF, a processor CPU and a storage component MEM. Typically the source device 200 is a device that holds content which is to be streamed (or otherwise transmitted) to the sink device 220. The sink device 220 then typically is a device that receives this streamed content and renders it, e.g. on a display screen. Any of the devices 101-105 mentioned above may operate as the source device 200 and/or as the sink device 220. It is worth noting that a device may operate as source device relative to one other device, and as sink device relative to a further device. This may even occur simultaneously. An example of a source device 200 and a sink device 220 is a digital video recorder (DVR) connected to a television display. The digital audiovisual content recorded by the DVR is streamed to the display so the user can watch the content. The source may also be a (laptop or desktop) computer, where the sink is its display screen.
As shown in Fig. 2, the interface between source device 200 and sink device 220 comprises a high-speed unidirectional main link 211 and a relatively low-speed bidirectional auxiliary channel 212. In an embodiment evisaged by the inventors, the main link 211 can carry up to 10 Gigabits per second and the auxiliary channel 212 has a 1 Megabit per second transfer rate. The main link 211 is used to carry compressed or uncompressed digital data such as video and/or audio data. Technology to perform device authentication and encrypted content transfer is available and is called a secure authenticated channel (SAC). A SAC 210 is assumed to have been set up as shown in Fig. 2 to protect the data transferred over the main link 211 and auxiliary link 212. Alternatively only the main link 211 or only the auxiliary link 212 may be protected by the SAC 210. For example, if the content to be transferred is already encrypted, there is no need to transfer the content over a SAC as that would mean needless double encryption operations. Yet alternatively the SAC may for some message transfers be bypassed, for example for already-encrypted messages or for messages that can safely be sent without protection.
SACs and the underlying technologies are well-known. Public key cryptography and digital certificates may be used for mutual authentication between the source and sink devices. The data is transferred over the main link in encrypted form.
It is assumed is that the source and sink devices have already established the secure authenticated channel 210. Many ways are possible to establish a SAC. Which particular technique is chosen is out of scope for the present invention. It is also assumed that both devices share a common secret authentication key (denoted by K) and another common secret (referred as seed and denoted by R). Those values are preferably computed or exchanged during the SAC establishment phase.
An embodiment of the inventive proximity detection protocol is illustrated in Fig. 3. The proximity detection protocol consists of a pre-computation phase and an interactive phase. During the precomputation phase, the devices compute the information they will use during the interactive phase. Each phase of the protocol is now described in turn.
During the precomputation phase, both devices obtain at least one query and at least one corresponding response. In a preferred embodiment both devices compute a sequence of queries, hereafter referred to as the sequence a, and a sequence of responses, hereafter referred to as the sequence b using the above-mentioned seed R and a public algorithm. Elements of the sequences are referred to as Ci1 and bt respectively, where i is an integer ranging from 0 to a certain (sufficiently large) maximum N. The queries and responses can simply be binary sequences.
For security reasons, both devices must ensure that none of the values Ci1 equal any of the values bt. Mathematically speaking, V/, je {O,..., N}: Ci1 ≠ b .
The sequences a and b may be computed in many ways. An efficient way to generate the sequences is to apply a cryptographic hash function to the seed R and the integer i (i = 0, ..., N) to generate Ci1 and bt. For instance:
Figure imgf000009_0001
where 'x||y' denotes concatenation of the string x and the string y. The cryptographic hash function preferably is the well-known SHA function. In this embodiment the sequences are unknown to third parties.
Another way to compute the items Ci1 and bl (i = 0, ..., N) is to simply determine a number BN that is larger than N and to determine the items as: ai = i bi = i + BN If this embodiment is used, the sequences themselves are known to or can easily be predicted by third parties.
In the above embodiment the seed R is not used. This makes the embodiment useful if the SAC protocol does not deliver such a seed R. If it is desirable to use the seed R, another way to compute the items Ci1 and bl (i = 0, ..., N) is to determine the items as: ai = R + i bi = R + i + BN Alternatively the sequences a and b may be provided to the devices 200, 220 from an external source. For instance the sequences may have been preprogrammed or received from a domain manager.
Next, both devices compute protected versions of all items Ci1 and b1 {i = 0, ..., N), denoted as ma, and Mb1 respectively. It should not be possible to derive mbt from Ma1 without the knowledge of the authentication key K. Preferably the protected versions are generated using a Message Authentication Code (MAC) function using a MAC such as AES in XCBC mode as follows: Ma1 = MAC(K, ai) mb, = MAC(K, b,)
Alternatively a HMAC using a cryptographic hash function such as SHA can be used. The use of the MD5 hash function is theoretically possible, but this function has been shown to be insecure. As alternatives to a MAC, the protected versions could be created by applying a digital signature algorithm to the items. If it is not necessary that the sequences a and b can be made public, then a straightforward use of a hash function (i.e. mat = SHA(α,) and Mb1 = SHA(^)) can be made instead. By using a keyed MAC or a digital signature algorithm, it is possible to publish the sequences a and b and still have a secure protocol.
Both devices further have a counter to keep track of the current query and response. This counter is denoted by i.
The precomputing phase may occur at any time prior to the interactive phase. If the common secret authentication key K and the seed R (or one of these values) are established during the SAC setup, then of course the precomputing phase should occur after setting up the SAC. If however the inputs needed for the precomputing phase are not established during the SAC setup, then the precomputing phase may occur at any time. By performing these computations prior to the interactive phase, it is ensured that any time spent on these computations does not affect the time measured in the actual distance measurement protocol. This way the time measured is the most accurate.
The second phase is interactive and illustrated in Fig. 3. Initially, both devices have stored respective copies ofah bu mab mbu and i which were computed in the first phase. In step 301, source device 200 records the current time, hereafter referred to as t0.
In step 302, source device 200 sends Ma1 to sink device 220 which receives it in step 303. In step 304, sink device 220 verifies that the received value Ma1 is equal to the stored value Ma1. As this involves only a comparison between two numbers, this can be done very efficiently. If the received value does not match the stored value, the sink aborts the protocol in step 320.
In step 305, sink device 220 responds by sending the value mbt back to the source device 200. The source device 200 receives this value mbt in step 306 and verifies in step 307 that the received value Mb1 is equal to the stored value mbt.
Both devices 200, 220 subsequently increase their counters i by one in steps 308, 309. The counters ensure that both devices use the same values Ma1 and Mb1 in the protocol. It may happen that the respective counters from the devices 200, 220 have different values. For example, a device may crash after completing the message exchange but before the counter could be updated. If the other device does update the counter, then subsequent distance measurements will fail because the comparison of the received Ma1 or Mb1 and the stored Ma1 or Mb1 will reveal they are not identical.
To detect this kind of problem, it is possible for the device performing the check to compare the received protected value, say Ma1, against not only the stored Ma1, but also against the previous and next items in the sequence, ma1+i and Ma1-I. If there is a match between the received value ma, and ma1+i or Ma1-I, the device can adjust its counter appropriately.
An alternative solution to this problem is to send the counter i along with the value THa1 (or Mb1). This way the recipient immediately knows against which stored value the received value is to be compared.
Source device 200 in step 310 again records the current time, hereafter referred to as ti. In step 311 the source device 200 computes the time difference ti - to. This time difference is used in the final step 312 to determine if the sink device 220 is sufficiently close to the source device 200. This is preferably done by determining if the time difference is less than a predetermined limit.
This determination can be used to decide whether the sink device 220 is to be authenticated or not, or whether particular content is allowed to be transferred to the sink device 220. For instance, a requirement could be that any query is to be answered within7 milliseconds. This is sufficiently short to know with reasonable certainty that the sink device 220 must be close to the source device 200. The choice depends on many parameters, such as the expected travel time of data over the network. In the abovementioned network where the auxiliary channel 212 has a 1 Megabit per second transfer rate, the inventors prefer a value of 500μs. At regular intervals during data transfer the proximity detection may be repeated to verify whether the source device 200 and the sink device 220 are still in the required proximity of each other.
It is worth noting that even though there is a secure authenticated channel 210 between the devices 200, 220, the proximity protocol according to the invention does not need to be carried out over this secure authenticated channel 210. It may be carried out over the auxiliary channel 212 without protecting the messages.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims.
In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

CLAIMS:
1. A method of determining a distance between a first device (200) and a second device (220), the method comprising: in a precomputing phase, at both devices (200, 220), computing for a query Ci1 a protected query ma, and for a response bt a protected response Mb1, in an interactive phase, at the first device (200), sending the protected query ma, to the second device (220), at the second device (220), comparing the received protected query ma, against the computed protected query Ma1, at the second device (220), sending the protected response mbj to the first device (200), at the first device (200), comparing the received protected response Mb1 against the computed protected response mbt, and determining the distance based on a measurement of time elapsed between sending the protected query Ma1 to the second device (220) and receiving the protected response mbt from the second device (220).
2. The method of claim 1 , in which the step of computing the protected query is performed once for each query α, of a given first sequence a of queries, and the step of computing the protected response is performed once for each response bl of a given second sequence b of responses a protected response mbt, where i is a number between 0 and a predetermined boundary N.
3. The method of claim 1 or 2, in which the query Ci1 is computed by applying a cryptographic hash function to a given seed R and the number i, and the response bl is computed by applying a cryptographic hash function to a given seed R and the number i, such that Ci1 does not equal bl.
4. The method of claim 3 as dependent from claim 2, in which each query Ci1 of the given first sequence a of queries is computed by applying a cryptographic hash function to a given seed R and the number i, and each response bl of a given second sequence b of responses is computed by applying a cryptographic hash function to a given seed R and the number i, such that for each query α, and for each response bu Ci1 does not equal bl.
5. The method of claim 2, in which the first sequence a of queries and the second sequence b of responses are received by the devices (200, 220) over a network.
6. The method of claim 1 , in which the protected version Ma1 of a query Ci1 and the protected version Wb1 of a response bt are computed using a Message Authentication Code (MAC) function.
7. The method of claim 2, in which the protected query Ma1 and the protected response Mb1 are sent accompanied by the number i.
8. A system comprising a first device (200) and a second device (220) and being configured for determining a distance between the devices (200, 220), in which both devices (200, 220) comprises respective means (CPU, MEM) for, in a precomputing phase, computing for a query α, a protected query Ma1 and for a response bl a protected response mbj, the first device (200) comprises means (CPU, MEM, IF) for, in an interactive phase, sending the protected query Ma1 to the second device (220), the second device (220) comprises means (CPU, MEM, IF) for, in the interactive phase, comparing the received protected query Ma1 against the computed protected query Ma1, and means (CPU, MEM, IF) for sending the protected response Mb1 to the first device (200), the first device (200) further comprises means (CPU, MEM, IF) for, in the interactive phase, comparing the received protected response Mb1 against the computed protected response mbj, and means (CPU) for determining the distance based on a measurement of time elapsed between sending the protected query Ma1 to the second device (220) and receiving the protected response mbj from the second device (220).
9. A device (200) configured to operate as the first device as claimed in claim 8, comprising means (CPU, MEM) for, in a precomputing phase, computing for a query at a protected query Ma1 and for a response bt a protected response Mb1, means (CPU, MEM, IF) for, in an interactive phase, sending the protected query Ma1 to a second device (220), means (CPU, MEM, IF) for, in the interactive phase, receiving a protected response mbt and for comparing the received protected response mbt against the computed protected response
and means (CPU) for determining the distance based on a measurement of time elapsed between sending the protected query Ma1 to the second device (220) and receiving the protected response Mb1 from the second device (220).
10. A device (220) configured to operate as the second device as claimed in claim 8, comprising means (CPU, MEM) for, in a precomputing phase, computing for a query at a protected query Ma1 and for a response bl a protected response mbj, means (CPU, MEM, IF) for, in an interactive phase, receiving a protected query Ma1 from the first device (210) and for comparing the received protected query Ma1 against the computed protected query Ma1, and means (CPU, MEM, IF) for sending the protected response Wb1 to the first device (200).
11. A device (200, 220) configured to operate as both the device of claim 9 and the device of claim 10.
PCT/IB2006/053732 2005-10-13 2006-10-11 Improved proximity detection method WO2007043015A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP05109517.2 2005-10-13
EP05109517 2005-10-13

Publications (2)

Publication Number Publication Date
WO2007043015A2 true WO2007043015A2 (en) 2007-04-19
WO2007043015A3 WO2007043015A3 (en) 2007-09-07

Family

ID=37943201

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/053732 WO2007043015A2 (en) 2005-10-13 2006-10-11 Improved proximity detection method

Country Status (1)

Country Link
WO (1) WO2007043015A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2090998A1 (en) * 2005-10-18 2009-08-19 Intertrust Technologies Corporation Digital rights management engine systems and methods
US8234387B2 (en) 2003-06-05 2012-07-31 Intertrust Technologies Corp. Interoperable systems and methods for peer-to-peer service orchestration
US9298955B2 (en) 2011-11-04 2016-03-29 Nxp B.V. Proximity assurance for short-range communication channels
US9589110B2 (en) 2011-04-11 2017-03-07 Intertrust Technologies Corporation Information security systems and methods
US9626667B2 (en) 2005-10-18 2017-04-18 Intertrust Technologies Corporation Digital rights management engine systems and methods

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004014037A1 (en) * 2002-07-26 2004-02-12 Koninklijke Philips Electronics N.V. Secure authenticated distance measurement

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004014037A1 (en) * 2002-07-26 2004-02-12 Koninklijke Philips Electronics N.V. Secure authenticated distance measurement

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8234387B2 (en) 2003-06-05 2012-07-31 Intertrust Technologies Corp. Interoperable systems and methods for peer-to-peer service orchestration
US9317843B2 (en) 2003-06-05 2016-04-19 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
US9466054B1 (en) 2003-06-05 2016-10-11 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
EP2090998A1 (en) * 2005-10-18 2009-08-19 Intertrust Technologies Corporation Digital rights management engine systems and methods
US8688583B2 (en) 2005-10-18 2014-04-01 Intertrust Technologies Corporation Digital rights management engine systems and methods
US8776216B2 (en) 2005-10-18 2014-07-08 Intertrust Technologies Corporation Digital rights management engine systems and methods
US9626667B2 (en) 2005-10-18 2017-04-18 Intertrust Technologies Corporation Digital rights management engine systems and methods
US9589110B2 (en) 2011-04-11 2017-03-07 Intertrust Technologies Corporation Information security systems and methods
US10009384B2 (en) 2011-04-11 2018-06-26 Intertrust Technologies Corporation Information security systems and methods
US9298955B2 (en) 2011-11-04 2016-03-29 Nxp B.V. Proximity assurance for short-range communication channels

Also Published As

Publication number Publication date
WO2007043015A3 (en) 2007-09-07

Similar Documents

Publication Publication Date Title
US10091186B2 (en) Secure authenticated distance measurement
RU2295202C2 (en) Device, configured for data exchange and authentication method
US8468350B2 (en) Content transmission apparatus, content reception apparatus and content transmission method
CN102687483B (en) The provisional registration of equipment
US8225084B2 (en) Content transmitting device, content receiving device and content transmitting method
EP1810481B1 (en) Improved access to domain
US20080133918A1 (en) Method and apparatus for transmitting data using authentication
KR20070009983A (en) Method of authorizing access to content
US20070169203A1 (en) Method and apparatus for transmitting content to device which does not join domain
JP2010021875A (en) Data transmitter, data receiver, data transmission method, and data reception method
JP3801559B2 (en) COMMUNICATION DEVICE AND METHOD, RECORDING MEDIUM, AND PROGRAM
WO2007043015A2 (en) Improved proximity detection method
US8312166B2 (en) Proximity detection method
WO2007043014A1 (en) Method of encrypted communication using a keystream
JP4069458B2 (en) Data communication system and data communication method, data transmission device and data transmission method, data reception device and data reception method, and program
WO2007042996A1 (en) Improved security system
MXPA06008255A (en) Method of authorizing access to content

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06809569

Country of ref document: EP

Kind code of ref document: A2