Hind et al.

(10) Patent No.: US 6,886,095 B1
(45) Date of Patent: Apr. 26, 2005

(54) METHOD AND APPARATUS FOR EFFICIENTLY INITIALIZING SECURE COMMUNICATIONS AMONG WIRELESS DEVICES

(75) Inventors: John Raithel Hind, Raleigh, NC (US); Marcia Lambert Peters, Raleigh, NC (US)

(73) Assignee: International Business Machines Corporation, Armonk, NY (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/316,805

(22) Filed: May 21, 1999

(51) Int. Cl.: H04L 9/00
(52) U.S. Cl.: 713/168; 713/169
(58) Field of Search: 713/150, 156, 168-170, 171, 173, 176, 189, 175; 380/277, 278, 279, 282, 285

Primary Examiner: Hosuk Song
(74) Attorney, Agent, or Firm: Synnestvedt & Lechner, LLP

(57) ABSTRACT

A method and system for efficiently establishing secure communications between mobile devices in a radio network. The present invention utilizes public key cryptography and unique hardware identifiers to enable authorizations for access to wireless networks, such as picocells. The present invention prevents the mobile user from maintaining a plurality of secrets such as user identifier/password pairs, PINs, or encryption keys, for access to each device to which he might require access.

21 Claims, 9 Drawing Sheets

[Representative drawing (flow diagram). Legible step labels: Inquiry; Inquiry Result Identifier; Enter PIN; Establish Secure Connection; 1035 Generate Public/Private Key Pair; 1045 Create Certificate; 1055 Establish Secure Connection; Send Certificate; Sign Certificate; Send Signed Certificate; Store Signed Certificate 1075.]

Petitioner Apple Inc. - Exhibit 1049, p. 1

[Drawing sheets 1 to 9: FIGS. 1A to 6. Legible labels: FIG. 4, Public Key, Optional Data.]

METHOD AND APPARATUS FOR EFFICIENTLY INITIALIZING SECURE COMMUNICATIONS AMONG WIRELESS DEVICES

RELATED PATENTS

The present application entitled “Method and Apparatus for Efficiently Initializing Secure Communications Among Wireless Devices” is related to other United States Patent applications filed concurrently herewith, and specifically to the applications entitled “Method and Apparatus for Efficiently Initializing Mobile Wireless Devices”, application Ser. No. 09/316,804 filed May 21, 1999 and “Method and Apparatus for Exclusively Pairing Wireless Devices”, application Ser. No. 09/316,6886 filed May 21, 1999 now U.S. Pat. No. 6,772,731. All of these applications are assigned to the assignee of the present invention.

The present invention relates generally to security management for wireless devices and more particularly to creating a secure, short-range network for securely transmitting information among wireless devices.

BACKGROUND

The proliferation of wireless devices in computer networks has created a significant problem in the synchronization and secure interconnection of devices. Most wireless devices today are digital, using radio waves to communicate. A typical professional utilizing wireless devices today has a pager which receives digital messages, a digital cellular phone and a notebook computer with a wireless modem to retrieve and send e-mail. To connect to the office or other networks requires special hardware (such as adapter cards having transmission mechanisms) designed to connect to a wide-area or local-area network, which will then allow wire line access to the resources that the professional worker is accustomed to accessing.

A standard has been proposed for the merger of mobile communications with mobile computing. This standard, referred to herein as ‘Bluetooth’, proposes the incorporation of a small, inexpensive radio into every mobile device. Since this radio is designed to a standard, the mobile device and radio combination can then be optimized to reduce interference. The optimization is feasible since there is a common wireless protocol implemented in a single radio frequency band, rather than the multitude of optional devices using diverse technologies in various radio frequency bands available for wireless access today. The small, low-powered radio is intended for distribution in a module or chip that will communicate with other ‘Bluetooth’ enabled products. The Bluetooth standard is defining the communications between two selected devices and/or multiple selected devices. Further information regarding the Bluetooth standard is available at their website at http://www.bluetooth.com.

The standard currently defines the use of an available, unlicensed 2.4 GHz radio band that can support both voice and data exchange. While numerous commonly agreed-upon radio frequencies would work, this particular portion of the radio spectrum appears to be available worldwide for low-power unlicensed use. With a 0-dBm transmitter, this low-powered radio will be effective to establish networks of devices within about a 10 meter radius, with rapid degradation as the distance increases. With a 20-dBm transmitter the effective radio range will be about 100 meters. The low-powered radio module is intended to be built into mobile computers, mobile phones, 3-in-1 phones, printers, fax machines, modems, network interfaces (such as LAN or WAN connections), digital cameras, pagers, headphones, etc. Speeds of up to 721 Kbps for asymmetrical asynchronous data transmission, or up to three isochronous 64 Kbps voice channels, or a combination of voice and data channels totaling less than 1 Mbps symbol rate per picocell, are currently supported by the specification, and it is expected that the communication speeds will increase as the technology advances. Because Bluetooth uses frequency-hopping, several uncoordinated picocells can coexist within radio proximity of each other.

While this specification describes a major leap in the ability of devices to interact, there is still a significant problem with the establishment of secure channels for the devices. The specification allows the hand held or wireless devices to connect into what we will term a “piconet” or “picocell”. The picocell is just a physically proximate (or small) network. This piconet replaces cables for interconnecting physically proximate devices (within the above-described radio range). An ‘access point’ (or wireless device) with a Bluetooth radio can attach a picocell to an enterprise LAN or WAN. Deploying these new devices in an enterprise uncovers several unique security and management issues.

Prior art in this area, such as the above specification, defines methods for authentication and encryption at the baseband (physical) layer of the device, but these methods have heretofore-unrecognized limitations, which will be analyzed below. All of the prior-art methods that will be described have the goal of securely providing a secret cryptographic key to both devices that is then used with suitable cryptographic means to perform authentication and encryption. These methods differ as to the manner in which the key is obtained. They also differ as to their policies regarding the reuse of keys or their precursor PIN codes.

A first typical method that the prior art allows for is for two devices to receive, through some unspecified external means, a secret key known only to them. This method might be appropriate for two devices that are manufactured to be permanently paired with each other. They can store this key in association with the partner device’s identifier and reuse the key every time they wish to communicate. If no method is provided for changing the key, the two devices are permanently paired with one another and can never be paired with other devices that received a different permanent key at the time of manufacture. One drawback of such a policy of key reuse is that the security association between the two devices is permanent. Another drawback is that if a third party was somehow able to learn the key, it would be able to impersonate another device or eavesdrop on the two devices at will thereafter. In all these scenarios, the third party could even impersonate or eavesdrop unobserved, since radio frequency communications in the intended RF spectrum can penetrate sight-barriers such as buildings and walls.

A second method often described, slightly more secure than the first, might be appropriate for two devices that are to be exclusively paired with one another on a long-term basis, such as a personal computer and its wireless mouse, or a cellular telephone and its wireless telephone headset. This method requires both devices to be provided with the same string called a “PIN”. The PIN may be provided by the manufacturer, or entered at each device by a user. The prior art defines how the PIN is combined with certain known, fixed data and certain ephemeral data to generate a secret key that is subsequently used for authentication and encryption. The precise details of how that occurs are not important here. Both devices wishing to create a long-term “pairing” relationship store the key associated with the paired device. The PIN that was used to generate the key is no longer needed, and can either be kept or discarded. This stored key is then reused anytime the paired devices wish to communicate securely. If a device changes ownership, it is possible to delete the prior key, enter a PIN for a new pairing relationship, and create and store a new key. One drawback of this method is that if a third party somehow learns the PIN, such as by eavesdropping on a verbal exchange or keypad entry, it can learn the key by eavesdropping on the pairing flows. Once it knows the key, it can impersonate another device or eavesdrop on encrypted communications.

A third variation provided by the prior art might be appropriate for two devices that wish to trust each other only for the duration of a single transaction or data exchange. In this method, the user enters a PIN on both devices just prior to the transaction. The PIN is used, as above, to generate a key. The key is used for authentication and encryption for the transaction, but both the PIN and the key are deleted after the transaction. If the two devices wish to do another transaction sometime in the future, both must be configured with a PIN again, a process that is burdensome to the user.

In a less-secure variation of this third method, a device stores the PIN in association with an identifier for the partner device, but deletes the key after use. Thus it reuses the same PIN whenever communicating with the same partner, but generates a fresh key before each communications session. The third method improves upon the security of the second method by changing the key frequently, thus limiting the duration of time that a third party could violate security if it is successful in learning the PIN and eavesdropping during the pairing flows.

A fourth method known in the prior art is to request baseband authentication and encryption, but to generate a key for each new communications session using a zero-length PIN. This method might be chosen by a manufacturer who wants their product to work immediately upon removal from the shipping box, without any configuration by the user, and wants to provide a minimal level of security. The drawbacks of this approach are similar to those of the third method, in that any third party who knows that a zero-length PIN is in use could eavesdrop on the pairing flows and learn the secret key, enabling it to impersonate another device and/or eavesdrop on encrypted communications.

Clearly a method that obtains the key through a non-secure exchange has some potential for impersonation and eavesdropping. Current art suggests verbally telling another person the key or PIN number, or delivering it on a piece of paper or via e-mail, so that the secret may be entered on each device by that device’s user. If this verbal, paper, or e-mail exchange is observed by a third party, the secret may be compromised. A slight improvement is to restrict knowledge of the key or PIN to a single person, who enters it on a keypad on both devices. This eliminates overhearing or seeing the key or PIN, but the keypad entry itself may be observed by a third party, such as by using a hidden camera. A method that generates a secret key for each communications session or transaction using a piece of data exchanged in an insecure manner is somewhat more secure, but still subject to impersonation and eavesdropping, should a malicious third party eavesdrop on the key generation and exchange process. In the event a third party somehow acquires the secret, clearly a policy of reusing the secret has a greater potential exposure than if the secret is never reused.
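
An added model, not taken from the patent or from the Bluetooth specification, of the PIN-based methods described above: the key is derived from the PIN, fixed data and ephemeral data, and only the PIN is secret. HMAC-SHA256, the type and function names, the addresses and the PIN are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Transcript is what a passive radio observer records during pairing: the
// known, fixed data (both device addresses) and the ephemeral data (a nonce).
type Transcript struct {
	AddrA, AddrB [6]byte
	Nonce        [16]byte
}

// deriveKey combines PIN, fixed data and ephemeral data into a key.
// HMAC-SHA256 is a stand-in chosen for this example, not the baseband
// algorithm; only the data flow (what is secret, what is on air) matters.
func deriveKey(pin []byte, t Transcript) []byte {
	m := hmac.New(sha256.New, pin)
	m.Write(t.AddrA[:])
	m.Write(t.AddrB[:])
	m.Write(t.Nonce[:])
	return m.Sum(nil)
}

// pair runs one pairing between devices a and b that share pin. It returns
// the key both devices now hold and the transcript that crossed the air.
func pair(pin []byte, a, b [6]byte) ([]byte, Transcript) {
	t := Transcript{AddrA: a, AddrB: b}
	if _, err := rand.Read(t.Nonce[:]); err != nil {
		panic(err)
	}
	return deriveKey(pin, t), t
}

// observerLearnsKey reports whether someone holding only the transcript and
// a candidate PIN ends up with the same key as the paired devices.
func observerLearnsKey(knownPIN []byte, t Transcript, key []byte) bool {
	return hmac.Equal(deriveKey(knownPIN, t), key)
}

func main() {
	a := [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55} // constructed addresses
	b := [6]byte{0x00, 0x11, 0x22, 0x66, 0x77, 0x88}
	pin := []byte("4821") // constructed PIN

	// Stored PIN, fresh key per session (the less-secure third variation).
	k1, t1 := pair(pin, a, b)
	k2, t2 := pair(pin, a, b)
	fmt.Println("keys differ per session:     ", !hmac.Equal(k1, k2))
	fmt.Println("observer with PIN, session 1:", observerLearnsKey(pin, t1, k1))
	fmt.Println("observer with PIN, session 2:", observerLearnsKey(pin, t2, k2))
	fmt.Println("observer without the PIN:    ", observerLearnsKey(nil, t1, k1))

	// Zero-length PIN (fourth method): the transcript alone is enough.
	k3, t3 := pair(nil, a, b)
	fmt.Println("zero-length PIN, no secret:  ", observerLearnsKey(nil, t3, k3))
}
```

Changing the key every session narrows how long one key is useful, but the secrecy of every key still rests on the PIN alone.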

The above described prior-art security methods are inadequate, burdensome, and unusable for mobile computers in an enterprise environment. An example of such a scenario addressed by the present invention is shown in Figure 3.

In FIG. 3 there exists a server 301 that is connected to a typical enterprise LAN 303. A second server 311 is connected to the first server 301 over a WAN and also connected, conventionally, to a LAN 321. Wireless devices such as a wireless notebook computer 315 can connect with a wireless access point on the server 311. The wireless device can also send information over the air waves to a printer 313 directly (rather than transmitting the information to the server 311 and having the server use a conventional wire line connection to transmit the information to the printer 313).

Another scenario depicted in FIG. 3 includes a wireless notebook computer 309, a telephone 307, and a pager 305. In this scenario, all three devices could communicate such that the telephone 307 or pager 305 could send messages to the notebook computer 309 for logging on the disk of the notebook computer 309. A realistic example of this in the business world might be where someone is in a meeting and awaiting the arrival of some urgent e-mail. The system could be set up such that when new e-mail arrived at the notebook computer 309 (either over a cellular modem or over a LAN attached to the notebook computer via a piconet), the subject or sender of the e-mail would be sent from the notebook computer 309 to the pager 305 over the piconet and the pager would vibrate and display the message. Alternatively, the computer could dial the wireless telephone and, using a text-to-speech function, read aloud from an urgent e-mail. Another useful scenario might be where a facsimile machine 317 had a wireless connection to a notebook computer 319 such that the user of the notebook could utilize the underlying telephone network attached to the fax machine to send information to others without having to plug and unplug cables from the mobile computer, or access a server which has a connection to the printer. The connection would be made wirelessly directly between the notebook computer 319 and the facsimile machine 317. Yet another useful scenario is where a cable modem or ADSL adapter in the home is provided with a wireless transceiver, such that all types of devices in the home (such as personal computers, telephone handsets, television receivers, video recorders, audio speakers and audio recorders) can access the wire line network by means of a wireless connection. This offers a great convenience to users in that devices can easily be added or moved without the inconvenience and expense of cables or in-premises wiring. It is also desirable from the manufacturer or service provider’s point of view, since it allows for the consolidation of multiple services in a single physical access device.

The problem that the prior art fails to address becomes extremely apparent when one considers an enterprise scenario. “Enterprise” as used here refers to a very large-scale computer installation or network, such as is typically deployed by very large companies or organizations with thousands to hundreds of thousands of employees. Due to their sheer size or because they are active in several geographical locations, enterprises often have numerous smaller sites and/or large campuses housing thousands of employees. Such sites and campuses are generally interconnected by networking facilities such that an employee traveling from one site to another can gain access to application programs, resources, databases, and other computer facilities needed to do their job at any company location. In an enterprise scenario thousands to hundreds-of-thousands of users will roam among several to thousands of sites carrying wireless devices, each wishing to connect wirelessly in an unplanned ad-hoc manner to several devices throughout a given day. “Roam” as used here refers to a user physically moving himself and his mobile device containing a radio module from one location to another.

Because of the personal computer’s multifunctional character (i.e. a PC usually runs many different programs that exchange data with many different applications and devices on behalf of many different users), a personal computer user’s security needs run the gamut from completely untrusted to totally trusted, which further complicates matters. The previously described state-of-the-art technology provides several ways to implement security policies, but none is satisfactory for this enterprise context. Let us examine whether any of the previously-described art can be used by a network administrator to limit access to a network.

1. Devices could be permanently paired with one another by the manufacturer, but this is inflexible and prevents a device from having multiple communication partners.

2. Devices could have long-term pairing relationships with specific other devices, for example by entering a common PIN at both devices, from which a key could be created for storage and reuse, or a fresh key generated for each communication session. Besides the drawbacks previously listed, this policy does not meet the needs of a PC to have different levels of security for different communication partners and, indeed, for different transactions with the same partner.

3. The administrator could configure all network access points with the same PIN, then provide the PIN to all possible mobile computer users that are allowed access. This minimizes the administrator’s configuration effort since there is only one PIN to set up (albeit at multiple access points), and allows a properly-configured PC to roam anywhere in the enterprise and gain access through any access point, but if the secret PIN is compromised, the malicious third party could gain access to all access points. If an authorized employee quits the company, there is no easy way to revoke his access. This scheme is unacceptable because it is so insecure.

4. The administrator could configure each network access point or group of access points with a different PIN, then provide the PINs of certain access points to certain sets of authorized users. If an unauthorized person learns a PIN, he gains access to a set of access points. Managing lists of PINs at numerous mobile computers becomes difficult. Revoking a user’s access privileges is difficult if the user retains the access device. The administrator could change the access points’ PIN to bar an unauthorized user, but this forces all authorized users to simultaneously update their configurations. If the administrator wants to add a new network access point with a new PIN, all authorized users must be notified and must update their PCs. Giving a user access to different groups of access points, e.g. during travel, is difficult. Clearly this scheme is unworkable.

5. The administrator could assign a unique PIN to each mobile PC, and configure lists of authorized PINs at specific access points. Management is even more difficult. If the lists include all users, they may become unmanageably long, and also add to the cost of the access point devices since additional memory must be provided to store a large number of PINs. If the lists contain subsets of users, then a user’s ability to roam is limited. If a user is added or removed, the administrator has to update information at all relevant access points. This method is relatively secure, except that if a person gains knowledge of the access lists configured at any access point, he could gain access to multiple access points by impersonating another device or misappropriating another user’s PIN.

As is apparent from the foregoing, short-range wireless mobility presents a significant security challenge to enterprise network administrators. This is addressed by the present invention.

SUMMARY OF THE INVENTION

The present invention allows the use of wireless devices containing a radio module to connect in a secure manner using digital certificates. The present invention does not require manual entry of user identifiers, passwords, or cryptographic keys. The present invention also allows for efficient administration of secure devices within an enterprise without creating additional administrative overhead for initializing the devices. It describes a method, apparatus and program product for authentication, securely generating and exchanging an ephemeral cryptographic key for encryption, and a means of performing and administering discrete access control in an enterprise, while eliminating the inflexibility of pre-configured secrets, and while reducing the security exposures associated with the manual entry, storage, and/or reuse of secrets.

OBJECTS OF THE INVENTION

It is an object of the present invention to provide a method for efficiently establishing secure communications among wireless devices.

It is a further object of the present invention to utilize existing public key cryptography in a new and unique manner to accomplish the initialization of secure communications among the wireless devices.

These and other objects of the present invention will be described in further detail with respect to a preferred embodiment and the figures below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A and 1B depict typical setup flows between a mobile device with imbedded radio module and an administration server.

FIG. 1C depicts initialization flows for mobile devices with sufficient computing power to generate their own public/private key pairs.

FIG. 2 depicts a possible authentication flow in the preferred embodiment of the present invention.

FIG. 3 is a subset of a sample network in which the present invention may be implemented.

FIG. 4 is an exemplary device certificate layout.

FIG. 5A depicts the flows for centralized access control.

FIG. 5B depicts the flows for access control using a disconnected mode.

FIG. 6 depicts the pairing of consumer devices using device certificates.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The preferred embodiment of the present invention is presented to provide sufficient enabling information such that the reader may implement the present invention. It is not meant to limit or restrict the invention in any way.

The designers of the Bluetooth specification have not prohibited performing authentication and encryption at the baseband (or physical) layer, but current methods for initializing such authentication and encryption have unacceptable characteristics for mobile computers especially in an enterprise context. There is, as yet, significant confusion as to how to implement security (i.e., authentication, encryption, access control, and the administration of the same) efficiently in an enterprise. The present methodology of defining who can interact with whom and which ‘shared secrets’ (such as PIN numbers, cryptographic keys, etc.) will be used to secure the connections between specific devices, users, applications and groups does not yet exist.

In enterprise situations, which the majority of the specification is targeted towards, the problem of security becomes enormous. Each application as well as each device may require a different level of security, requiring the ability to allow different levels of security accesses. None of the contemplated solutions such as the extremes of entering a PIN before each transaction and never storing the PIN or cryptographic key, or using the same stored PIN or cryptographic key repeatedly for all transactions, is acceptable. A midpoint security option of generating ephemeral new cryptographic keys on the fly from a stored PIN is unacceptable also since anyone who knows the PIN can potentially learn the new link key by eavesdropping on the pairing flows.

The present invention solves this and other problems of securely communicating in a wireless environment, as well as potentially other environments. The present invention is in no way limited to the present implementation. It is equally applicable to any mobile environment where devices are frequently accessing other devices and require a secure form of identification or authentication, a method to securely generate and exchange cryptographic keys which can be used for encryption and other purposes, and a method of discrete (i.e. per device, per user, per group, per application, or per transaction) access control, including the ability to add, revoke or change access privileges.

The preferred embodiment of the present invention involves a combination of certificates associated with users and devices. Certificates, as shown in FIG. 4, generally contain at least a device identifier 4010, a device’s public key 4015, and an area for optional data 4020. In addition the preferred embodiment of the present invention involves a centrally administered access control database.

In the prior art, certificates have been associated with users or high-level application programs, not with devices. Hence, a user could take a certificate with its corresponding private key from workstation to workstation on something such as a smart card and the certificate identified the user (the private key being the proxy of the user who controlled its use). The verification and validation of the certificate was done through TCP/IP flows between the communicating devices. The present invention tightly couples the certificate with the device, or more specifically with the radio module contained in the device, whose unique identifier is used as the certificate’s unique identifier.
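
An added example, not part of the patent text, of a device certificate bound to the radio module's identifier: a CA issues a certificate whose subject is the device's 48-bit address (as the exemplary certificate in the following paragraph specifies), and a peer checks the CA signature, the validity period and the identifier. The use of X.509 through Go's crypto/x509, ECDSA P-256, the function names, the CA name and the sample addresses are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newKey generates a key pair. ECDSA P-256 is an assumption of this example.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign issues a certificate for pub under the given subject. With a nil
// parent the result is a self-signed CA certificate.
func sign(subject string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey, from, to time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    from,
		NotAfter:     to,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// radioSubject normalises a 48-bit radio address into the subject string.
func radioSubject(radioID string) (string, error) {
	mac, err := net.ParseMAC(radioID)
	if err != nil || len(mac) != 6 {
		return "", errors.New("radio identifier is not a 48-bit address")
	}
	return mac.String(), nil
}

// issueDeviceCert binds a device public key to its radio identifier.
func issueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, radioID string, pub *ecdsa.PublicKey, from, to time.Time) (*x509.Certificate, error) {
	subject, err := radioSubject(radioID)
	if err != nil {
		return nil, err
	}
	return sign(subject, 2, pub, ca, caKey, from, to)
}

// verifyDevice is the peer's check: the certificate must be signed by the
// trusted CA, be valid at time now, and name the radio the device is using.
func verifyDevice(ca, cert *x509.Certificate, radioID string, now time.Time) error {
	subject, err := radioSubject(radioID)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err = cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if cert.Subject.CommonName != subject {
		return errors.New("certificate subject does not match radio identifier")
	}
	return nil
}

func main() {
	now := time.Now()
	caKey, dev := newKey(), newKey()
	ca, err := sign("Example Enterprise CA", 1, &caKey.PublicKey, nil, caKey, now.Add(-time.Hour), now.AddDate(1, 0, 0))
	if err != nil {
		panic(err)
	}
	cert, err := issueDeviceCert(ca, caKey, "00:11:22:AA:BB:CC", &dev.PublicKey, now.Add(-time.Minute), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("same radio:  ", verifyDevice(ca, cert, "00:11:22:aa:bb:cc", now))
	fmt.Println("other radio: ", verifyDevice(ca, cert, "00:11:22:aa:bb:cd", now))
	fmt.Println("after expiry:", verifyDevice(ca, cert, "00:11:22:aa:bb:cc", now.Add(48*time.Hour)))
}
```

The check covers only what the certificate asserts; proving that the presenting device holds the matching private key is a separate step that this example does not model.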

The preferred embodiment of the present invention assigns a certificate to each device containing the proposed radio module. The exemplary certificate described contains the device’s unique 48-bit IEEE (MAC) address (although any unique identifier could be used equally effectively), the device’s public key, a validity period, and a signature from a Certificate Authority. In the preferred embodiment of the present invention, the device identifier is stored in the certificate’s “subject” field. Each device also has associated with it a (public key, private key) pair, said public key being the same public key stored in the above-mentioned certificate. The device must also acquire the root Certificate Authority’s public key or the public key of a Certificate Authority in the authorization chain (hereinafter referred to as the CA’s public key) so that it can verify the authenticity of certificates received from other devices. The signature of the Certificate Authority indicates that the association between devi