Hind et al.

(10) Patent No.: US 6,886,095 B1
(45) Date of Patent: Apr. 26, 2005

US006886095B1

(54) METHOD AND APPARATUS FOR EFFICIENTLY INITIALIZING SECURE COMMUNICATIONS AMONG WIRELESS DEVICES

(75) Inventors: John Raithel Hind, Raleigh, NC (US); Marcia Lambert Peters, Raleigh, NC (US)

(73) Assignee: International Business Machines Corporation, Armonk, NY (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/316,805

(22) Filed: May 21, 1999

(51) Int. Cl.⁷: H04L 9/00
(52) U.S. Cl.: 713/168; 713/169;
(58) Field of Search: 713/150, 156, 713/168-170, 171, 173, 176, 189, 175; 380/277, 278, 279, 282, 285

Primary Examiner: Hosuk Song
(74) Attorney, Agent, or Firm: Synnestvedt & Lechner, LLP

(57) ABSTRACT

A method and system for efficiently establishing secure communications between mobile devices in a radio network. The present invention utilizes public key cryptography and unique hardware identifiers to enable authorizations for access to wireless networks, such as picocells. The present invention prevents the mobile user from maintaining a plurality of secrets such as user identifier/password pairs, PINs, or encryption keys, for access to each device to which he might require access.

21 Claims, 9 Drawing Sheets

[Representative drawing: message flow diagram. Legible step labels: Inquiry; Inquiry Result Identifier; Enter PIN; Establish Secure Connection; Generate Public/Private Key Pair; Create Certificate; Establish Secure Connection; Send Certificate; Sign Certificate; Send Signed Certificate; Store Signed Certificate.]

Petitioner Apple Inc. - Exhibit 1049, p. 1

[Drawing Sheets 1 through 9 of 9: the figure content did not survive extraction. Legible labels on Sheet 6 of 9 (FIG. 4): Public Key, Optional Data.]

METHOD AND APPARATUS FOR EFFICIENTLY INITIALIZING SECURE COMMUNICATIONS AMONG WIRELESS DEVICES

RELATED PATENTS

The present application entitled “Method and Apparatus for Efficiently Initializing Secure Communications Among Wireless Devices” is related to other United States Patent applications filed concurrently herewith, and specifically to the applications entitled “Method and Apparatus for Efficiently Initializing Mobile Wireless Devices”, application Ser. No. 09/316,804 filed May 21, 1999 and “Method and Apparatus for Exclusively Pairing Wireless Devices”, application Ser. No. 09/316,6886 filed May 21, 1999 now U.S. Pat. No. 6,772,731. All of these applications are assigned to the assignee of the present invention.

The present invention relates generally to security management for wireless devices and more particularly to creating a secure, short-range network for securely transmitting information among wireless devices.

BACKGROUND

The proliferation of wireless devices in computer networks has created a significant problem in the synchronization and secure interconnection of devices. Most wireless devices today are digital, using radio waves to communicate. A typical professional utilizing wireless devices today has a pager which receives digital messages, a digital cellular phone and a notebook computer with a wireless modem to retrieve and send e-mail. To connect to the office or other networks requires special hardware (such as adapter cards having transmission mechanisms) designed to connect to a wide-area or local-area network, which will then allow wire line access to the resources that the professional worker is accustomed to accessing.

A standard has been proposed for the merger of mobile communications with mobile computing. This standard, referred to herein as ‘Bluetooth’, proposes the incorporation of a small, inexpensive radio into every mobile device. Since this radio is designed to a standard, the mobile device and radio combination can then be optimized to reduce interference. The optimization is feasible since there is a common wireless protocol implemented in a single radio frequency band, rather than the multitude of optional devices using diverse technologies in various radio frequency bands available for wireless access today. The small, low-powered radio is intended for distribution in a module or chip that will communicate with other ‘Bluetooth’ enabled products. The Bluetooth standard is defining the communications between two selected devices and/or multiple selected devices. Further information regarding the Bluetooth standard is available at their website at http://www.bluetooth.com.

The standard currently defines the use of an available, unlicensed 2.4 GHz radio band that can support both voice and data exchange. While numerous commonly agreed-upon radio frequencies would work, this particular portion of the radio spectrum appears to be available worldwide for low-power unlicensed use. With a 0-dBm transmitter, this low-powered radio will be effective to establish networks of devices within about a 10 meter radius, with rapid degradation as the distance increases. With a 20-dBm transmitter the effective radio range will be about 100 meters. The low-powered radio module is intended to be built into mobile computers, mobile phones, 3-in-1 phones, printers, fax machines, modems, network interfaces (such as LAN or WAN connections), digital cameras, pagers, headphones, etc. Speeds of up to 721 Kbps for asymmetrical asynchronous data transmission, or up to three isochronous 64 Kbps voice channels, or a combination of voice and data channels totaling less than 1 Mbps symbol rate per picocell, are currently supported by the specification, and it is expected that the communication speeds will increase as the technology advances. Because Bluetooth uses frequency-hopping, several uncoordinated picocells can coexist within radio proximity of each other.

While this specification describes a major leap in the ability of devices to interact, there is still a significant problem with the establishment of secure channels for the devices. The specification allows the hand held or wireless devices to connect into what we will term a “piconet” or “picocell”. The picocell is just a physically proximate (or small) network. This piconet replaces cables for interconnecting physically proximate devices (within the above-described radio range). An ‘access point’ (or wireless device) with a Bluetooth radio can attach a picocell to an enterprise LAN or WAN. Deploying these new devices in an enterprise uncovers several unique security and management issues.

Prior art in this area, such as the above specification, defines methods for authentication and encryption at the baseband (physical) layer of the device, but these methods have heretofore-unrecognized limitations, which will be analyzed below. All of the prior-art methods that will be described have the goal of securely providing a secret cryptographic key to both devices that is then used with suitable cryptographic means to perform authentication and encryption. These methods differ as to the manner in which the key is obtained. They also differ as to their policies regarding the reuse of keys or their precursor PIN codes.

A first typical method that the prior art allows for is for two devices to receive, through some unspecified external means, a secret key known only to them. This method might be appropriate for two devices that are manufactured to be permanently paired with each other. They can store this key in association with the partner device’s identifier and reuse the key every time they wish to communicate. If no method is provided for changing the key, the two devices are permanently paired with one another and can never be paired with other devices that received a different permanent key at the time of manufacture. One drawback of such a policy of key reuse is that the security association between the two devices is permanent. Another drawback is that if a third party was somehow able to learn the key, it would be able to impersonate another device or eavesdrop on the two devices at will thereafter. In all these scenarios, the third party could even impersonate or eavesdrop unobserved, since radio frequency communications in the intended RF spectrum can penetrate sight-barriers such as buildings and walls.

A second method often described, slightly more secure than the first, might be appropriate for two devices that are to be exclusively paired with one another on a long-term basis, such as a personal computer and its wireless mouse, or a cellular telephone and its wireless telephone headset. This method requires both devices to be provided with the same string called a “PIN”. The PIN may be provided by the manufacturer, or entered at each device by a user. The prior art defines how the PIN is combined with certain known, fixed data and certain ephemeral data to generate a secret key that is subsequently used for authentication and encryption. The precise details of how that occurs are not important here. Both devices wishing to create a long-term “pairing” relationship store the key associated with the paired device. The PIN that was used to generate the key is no longer needed, and can either be kept or discarded. This stored key is then reused anytime the paired devices wish to communicate securely. If a device changes ownership, it is possible to delete the prior key, enter a PIN for a new pairing relationship, and create and store a new key. One drawback of this method is that if a third party somehow learns the PIN, such as by eavesdropping on a verbal exchange or keypad entry, it can learn the key by eavesdropping on the pairing flows. Once it knows the key, it can impersonate another device or eavesdrop on encrypted communications.

A third variation provided by the prior art might be appropriate for two devices that wish to trust each other only for the duration of a single transaction or data exchange. In this method, the user enters a PIN on both devices just prior to the transaction. The PIN is used, as above, to generate a key. The key is used for authentication and encryption for the transaction, but both the PIN and the key are deleted after the transaction. If the two devices wish to do another transaction sometime in the future, both must be configured with a PIN again, a process that is burdensome to the user.

In a less-secure variation of this third method, a device stores the PIN in association with an identifier for the partner device, but deletes the key after use. Thus it reuses the same PIN whenever communicating with the same partner, but generates a fresh key before each communications session. The third method improves upon the security of the second method by changing the key frequently, thus limiting the duration of time that a third party could violate security if it is successful in learning the PIN and eavesdropping during the pairing flows.

A fourth method known in the prior art is to request baseband authentication and encryption, but to generate a key for each new communications session using a zero-length PIN. This method might be chosen by a manufacturer who wants their product to work immediately upon removal from the shipping box, without any configuration by the user, and wants to provide a minimal level of security. The drawbacks of this approach are similar to those of the third method, in that any third party who knows that a zero-length PIN is in use could eavesdrop on the pairing flows and learn the secret key, enabling it to impersonate another device and/or eavesdrop on encrypted communications.

Clearly a method that obtains the key through a non-secure exchange has some potential for impersonation and eavesdropping. Current art suggests verbally telling another person the key or PIN number, or delivering it on a piece of paper or via e-mail, so that the secret may be entered on each device by that device’s user. If this verbal, paper, or e-mail exchange is observed by a third party, the secret may be compromised. A slight improvement is to restrict knowledge of the key or PIN to a single person, who enters it on a keypad on both devices. This eliminates overhearing or seeing the key or PIN, but the keypad entry itself may be observed by a third party, such as by using a hidden camera. A method that generates a secret key for each communications session or transaction using a piece of data exchanged in an insecure manner is somewhat more secure, but still subject to impersonation and eavesdropping, should a malicious third party eavesdrop on the key generation and exchange process. In the event a third party somehow acquires the secret, clearly a policy of reusing the secret has a greater potential exposure than if the secret is never reused.

The above described prior-art security methods are inadequate, burdensome, and unusable for mobile computers in an enterprise environment. An example of such a scenario addressed by the present invention is shown in FIG. 3.

In FIG. 3 there exists a server 301 that is connected to a typical enterprise LAN 303. A second server 311 is connected to the first server 301 over a WAN and also connected, conventionally, to a LAN 321. Wireless devices such as a wireless notebook computer 315 can connect with a wireless access point on the server 311. The wireless device can also send information over the air waves to a printer 313 directly (rather than transmitting the information to the server 311 and having the server use a conventional wire line connection to transmit the information to the printer 313).

Another scenario depicted in FIG. 3 includes a wireless notebook computer 309, a telephone 307, and a pager 305. In this scenario, all three devices could communicate such that the telephone 307 or pager 305 could send messages to the notebook computer 309 for logging on the disk of the notebook computer 309. A realistic example of this in the business world might be where someone is in a meeting and awaiting the arrival of some urgent e-mail. The system could be set up such that when new e-mail arrived at the notebook computer 309 (either over a cellular modem or over a LAN attached to the notebook computer via a piconet), the subject or sender of the e-mail would be sent from the notebook computer 309 to the pager 305 over the piconet and the pager would vibrate and display the message. Alternatively, the computer could dial the wireless telephone and, using a text-to-speech function, read aloud from an urgent e-mail. Another useful scenario might be where a facsimile machine 317 had a wireless connection to a notebook computer 319 such that the user of the notebook could utilize the underlying telephone network attached to the fax machine to send information to others without having to plug and unplug cables from the mobile computer, or access a server which has a connection to the printer. The connection would be made wirelessly directly between the notebook computer 319 and the facsimile machine 317. Yet another useful scenario is where a cable modem or ADSL adapter in the home is provided with a wireless transceiver, such that all types of devices in the home (such as personal computers, telephone handsets, television receivers, video recorders, audio speakers and audio recorders) can access the wire line network by means of a wireless connection. This offers a great convenience to users in that devices can easily be added or moved without the inconvenience and expense of cables or in-premises wiring. It is also desirable from the manufacturer’s or service provider’s point of view, since it allows for the consolidation of multiple services in a single physical access device.

The problem that the prior art fails to address becomes extremely apparent when one considers an enterprise scenario. “Enterprise” as used here refers to a very large-scale computer installation or network, such as is typically deployed by very large companies or organizations with thousands to hundreds of thousands of employees. Due to their sheer size or because they are active in several geographical locations, enterprises often have numerous smaller sites and/or large campuses housing thousands of employees. Such sites and campuses are generally interconnected by networking facilities such that an employee traveling from one site to another can gain access to application programs, resources, databases, and other computer facilities needed to do their job at any company location. In an enterprise scenario thousands to hundreds-of-thousands of users will roam among several to thousands of sites carrying wireless devices, each wishing to connect wirelessly in an unplanned ad-hoc manner to several devices throughout a given day. “Roam” as used here refers to a user physically moving himself and his mobile device containing a radio module from one location to another.

Because of the personal computer’s multifunctional character (i.e. a PC usually runs many different programs that exchange data with many different applications and devices on behalf of many different users), a personal computer user’s security needs run the gamut from completely untrusted to totally trusted, which further complicates matters. The previously described state-of-the-art technology provides several ways to implement security policies, but none is satisfactory for this enterprise context. Let us examine whether any of the previously-described art can be used by a network administrator to limit access to a network.

1. Devices could be permanently paired with one another by the manufacturer, but this is inflexible and prevents a device from having multiple communication partners.

2. Devices could have long-term pairing relationships with specific other devices, for example by entering a common PIN at both devices, from which a key could be created for storage and reuse, or a fresh key generated for each communication session. Besides the drawbacks previously listed, this policy does not meet the needs of a PC to have different levels of security for different communication partners and, indeed, for different transactions with the same partner.

3. The administrator could configure all network access points with the same PIN, then provide the PIN to all possible mobile computer users that are allowed access. This minimizes the administrator’s configuration effort since there is only one PIN to set up (albeit at multiple access points), and allows a properly-configured PC to roam anywhere in the enterprise and gain access through any access point, but if the secret PIN is compromised, the malicious third party could gain access to all access points. If an authorized employee quits the company, there is no easy way to revoke his access. This scheme is unacceptable because it is so insecure.

4. The administrator could configure each network access point or group of access points with a different PIN, then provide the PINs of certain access points to certain sets of authorized users. If an unauthorized person learns a PIN, he gains access to a set of access points. Managing lists of PINs at numerous mobile computers becomes difficult. Revoking a user’s access privileges is difficult if the user retains the access device. The administrator could change the access points’ PIN to bar an unauthorized user, but this forces all authorized users to simultaneously update their configurations. If the administrator wants to add a new network access point with a new PIN, all authorized users must be notified and must update their PCs. Giving a user access to different groups of access points, e.g. during travel, is difficult. Clearly this scheme is unworkable.

5. The administrator could assign a unique PIN to each mobile PC, and configure lists of authorized PINs at specific access points. Management is even more difficult. If the lists include all users, they may become unmanageably long, and also add to the cost of the access point devices since additional memory must be provided to store a large number of PINs. If the lists contain subsets of users, then a user’s ability to roam is limited. If a user is added or removed, the administrator has to update information at all relevant access points. This method is relatively secure, except that if a person gains knowledge of the access lists configured at any access point, he could gain access to multiple access points by impersonating another device or misappropriating another user’s PIN.

As is apparent from the foregoing, short-range wireless mobility presents a significant security challenge to enterprise network administrators. This is addressed by the present invention.

SUMMARY OF THE INVENTION

The present invention allows the use of wireless devices containing a radio module to connect in a secure manner using digital certificates. The present invention does not require manual entry of user identifiers, passwords, or cryptographic keys. The present invention also allows for efficient administration of secure devices within an enterprise without creating additional administrative overhead for initializing the devices. It describes a method, apparatus and program product for authentication, securely generating and exchanging an ephemeral cryptographic key for encryption, and a means of performing and administering discrete access control in an enterprise, while eliminating the inflexibility of pre-configured secrets, and while reducing the security exposures associated with the manual entry, storage, and/or reuse of secrets.

OBJECTS OF THE INVENTION

It is an object of the present invention to provide a method for efficiently establishing secure communications among wireless devices.

It is a further object of the present invention to utilize existing public key cryptography in a new and unique manner to accomplish the initialization of secure communications among the wireless devices.

These and other objects of the present invention will be described in further detail with respect to a preferred embodiment and the figures below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A and 1B depict typical setup flows between a mobile device with imbedded radio module and an administration server.
FIG. 1C depicts initialization flows for mobile devices with sufficient computing power to generate their own public/private key pairs.
FIG. 2 depicts a possible authentication flow in the preferred embodiment of the present invention.
FIG. 3 is a subset of a sample network in which the present invention may be implemented.
FIG. 4 is an exemplary device certificate layout.
FIG. 5A depicts the flows for centralized access control.
FIG. 5B depicts the flows for access control using a disconnected mode.
FIG. 6 depicts the pairing of consumer devices using device certificates.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The preferred embodiment of the present invention is presented to provide sufficient enabling information such that the reader may implement the present invention. It is not meant to limit or restrict the invention in any way.

The designers of the Bluetooth specification have not prohibited performing authentication and encryption at the baseband (or physical) layer, but current methods for initializing such authentication and encryption have unacceptable characteristics for mobile computers especially in an enterprise context. There is, as yet, significant confusion as to how to implement security (i.e., authentication, encryption, access control, and the administration of the same) efficiently in an enterprise. The present methodology of defining who can interact with whom and which ‘shared secrets’ (such as PIN numbers, cryptographic keys, etc.) will be used to secure the connections between specific devices, users, applications and groups does not yet exist.

In enterprise situations, which the majority of the specification is targeted towards, the problem of security becomes enormous. Each application as well as each device may require a different level of security, requiring the ability to allow different levels of security accesses. None of the contemplated solutions such as the extremes of entering a PIN before each transaction and never storing the PIN or cryptographic key, or using the same stored PIN or cryptographic key repeatedly for all transactions, is acceptable. A midpoint security option of generating ephemeral new cryptographic keys on the fly from a stored PIN is unacceptable also since anyone who knows the PIN can potentially learn the new link key by eavesdropping on the pairing flows.

The present invention solves this and other problems of securely communicating in a wireless environment, as well as potentially other environments. The present invention is in no way limited to the present implementation. It is equally applicable to any mobile environment where devices are frequently accessing other devices and require a secure form of identification or authentication, a method to securely generate and exchange cryptographic keys which can be used for encryption and other purposes, and a method of discrete (i.e. per device, per user, per group, per application, or per transaction) access control, including the ability to add, revoke or change access privileges.

The preferred embodiment of the present invention involves a combination of certificates associated with users and devices. Certificates, as shown in FIG. 4, generally contain at least a device identifier 4010, a device’s public key 4015, and an area for optional data 4020. In addition the preferred embodiment of the present invention involves a centrally administered access control database.

In the prior art, certificates have been associated with users or high-level application programs, not with devices. Hence, a user could take a certificate with its corresponding private key from workstation to workstation on something such as a smart card and the certificate identified the user (the private key being the proxy of the user who controlled its use). The verification and validation of the certificate was done through TCP/IP flows between the communicating devices. The present invention tightly couples the certificate with the device, or more specifically with the radio module contained in the device, whose unique identifier is used as the certificate’s unique identifier.

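The following Python sketch is an added example, not part of the patent text: it models a device certificate with the FIG. 4 fields plus the validity period and Certificate Authority signature of the exemplary certificate, and shows the checks a verifier would make, including that the certified identifier equals the radio address seen on the link. The textbook-RSA demo key, the serialisation, the function names and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

# Demo CA key (assumption, NOT secure): textbook RSA over two publicly known
# Mersenne primes, chosen only so the sketch runs on the standard library.
_P, _Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = _P * _Q, 65537
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))  # private exponent, held by the CA


@dataclass(frozen=True)
class DeviceCertificate:
    device_id: bytes            # 4010: 48-bit radio-module (MAC) address
    public_key: bytes           # 4015: device public key (opaque bytes here)
    not_before: int             # validity period, seconds since the epoch
    not_after: int
    optional_data: bytes = b""  # 4020
    signature: int = 0          # CA signature over all fields above

    def __post_init__(self):
        if len(self.device_id) != 6:
            raise ValueError("device identifier must be exactly 48 bits")

    def to_be_signed(self) -> bytes:
        # Fixed-width header, then length-prefixed variable fields, so no two
        # distinct certificates serialise to the same byte string.
        out = struct.pack(">6sQQ", self.device_id, self.not_before, self.not_after)
        for field in (self.public_key, self.optional_data):
            out += struct.pack(">H", len(field)) + field
        return out


def _digest(cert: DeviceCertificate) -> int:
    return int.from_bytes(hashlib.sha256(cert.to_be_signed()).digest(), "big")


def ca_sign(cert: DeviceCertificate) -> DeviceCertificate:
    """CA side: bind identifier, key and validity period under one signature."""
    return replace(cert, signature=pow(_digest(cert), _CA_D, CA_N))


def verify_device_certificate(cert: DeviceCertificate, observed_device_id: bytes,
                              now: int, ca_n: int = CA_N, ca_e: int = CA_E) -> str:
    """Verifier side: return "ok" or the first reason for rejection."""
    # 1. The CA's signature must cover exactly these field values.
    if pow(cert.signature, ca_e, ca_n) != _digest(cert):
        return "bad-signature"
    # 2. The certificate must be inside its validity period.
    if not cert.not_before <= now <= cert.not_after:
        return "outside-validity-period"
    # 3. Assumed check: the certified identifier equals the radio address
    #    the verifier actually sees on the link.
    if not hmac.compare_digest(cert.device_id, observed_device_id):
        return "identifier-mismatch"
    # A complete exchange would also make the peer prove possession of the
    # private key matching public_key; that step is outside this sketch.
    return "ok"


if __name__ == "__main__":
    mac = bytes.fromhex("0002a5123456")      # constructed sample address
    other = bytes.fromhex("0002a5abcdef")    # constructed sample address
    cert = ca_sign(DeviceCertificate(mac, b"constructed-public-key", 1_000, 2_000))
    print(verify_device_certificate(cert, mac, now=1_500))
    print(verify_device_certificate(cert, mac, now=2_001))
    print(verify_device_certificate(cert, other, now=1_500))
    # Re-labelling a signed certificate with another address breaks the signature.
    print(verify_device_certificate(replace(cert, device_id=other), other, now=1_500))
```
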
The preferred embodiment of the present invention assigns a certificate to each device containing the proposed radio module. The exemplary certificate described contains the device’s unique 48-bit IEEE (MAC) address (although any unique identifier could be used equally effectively), the device’s public key, a validity period, and a signature from a Certificate Authority. In the preferred embodiment of the present invention, the device identifier is sto