(12) United States Patent
`JakobSS0n et al.
`
`USOO6574455B2
`(10) Patent No.:
`US 6,574,455 B2
`(45) Date of Patent:
`Jun. 3, 2003
`
`(54) METHOD AND APPARATUS FOR ENSURING
`SECURITY OF USERS OF BLUETOOTH TM-
`ENABLED DEVICES
`
`(75) Inventors: Bjorn Markus Jakobsson, Hoboken,
`
`NJ (US); Susanne Gudrun Wetzel,
`New Providence, NJ (US)
`
`(73) ASSignee: systechnologie Inc., Murray Hill,
`
`(*) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/851,098
`(22) Filed:
`May 8, 2001
`(65)
`Prior Publication Data
`US 2002/0025780 A1 Feb. 28, 2002
`
`Related U.S. Application Data
`(60) Provisional application No. 60/229,130, filed on Aug. 30,
`in pyisional application No. 60/234,426, filed on
`P. 4.1
`(51) Int. Cl. .................................................. H04O7/20
`(52) U.S. Cl. ................
`... 455/41; 455/411; 455/517
`(58) Field of Search ................................. 455/443, 410,
`455/411,421, 422, 517, 518, 519, 444,
`465, 462, 41; 370/338, 471,349; 379/35,
`32.05; 340/825.08, 825.06; 713/161, 163,
`162, 170, 200, 201, 150
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`6,275,500 B1 * 8/2001 Callaway et al. ........... 370/346
`6.297,737 B1 * 10/2001 Irvin ......................... 340/3.51
`6,339,706 B1 * 1/2002 Tillgren et al. ............. 455/419
`6,366,622 B1
`4/2002 Brown et al. ............... 329/304
`6,366,840 B1 : 4/2002 Buckley - - - - - - - - - - - - - - - - - - 340/425.5
`
`CE R : 3: p - - - - - -tal- - - - - - - - - - - - - - - - - E.
`2 : - Y -
`all0 C al. .............
`* cited by examiner
`Primary Examiner Nay Maung
`ASSistant Examiner Jean A Gelin
`(74) Attorney, Agent, or Firm-Stephen M. Gurey
`(57)
`ABSTRACT
`Rather than including a Static network descriptor in mes
`Sages transmitted between master and Slave Bluetooth
`enabled devices communicating on a piconet, which net
`work descriptor is computed as a known function of the
`master's Bluetooth address (BD ADDR), the network
`descriptor is changed each time a new Session beings on one
`of the devices. This prevents an intentional eavesdropper,
`who may be in proximity to the piconet and who may be
`listening for and detecting the network descriptor included
`within these messages, from associating a detected network
`descriptor with a particular device of a user and thereafter
`using that network descriptor to track the location of the user
`who is carrying and using that device. The network
`descriptor, the channel access code (CAC), is changed each
`time a new Session begins by computing it as a known
`function of a seed and the master's BD ADDR, wherein the
`Seed is a random number chosen at the beginning of each
`new session by the master. For further security, CAC is
`changed not only when a new Session begins but within each
`Session on a periodic basis. For the latter, the Seed is a
`combination of the random number generated for each
`Session by the master and a time parameter associated with
`the master.
`
`4,933,969 A *
`6,246,376 B1 *
`
`6/1990 Marshall et al. ............ 380/284
`6/2001 Bork et al. ............ 342/357.13
`
`40 Claims, 5 Drawing Sheets
`
`
`
`GoPro/Garmin
`EX. 1027, Page 001
`
`

`

`U.S. Patent
`
`Jun. 3, 2003
`
`Sheet 1 of 5
`
`US 6,574,455 B2
`
`
`
`RECEIVER
`
`20
`
`GoPro/Garmin
`EX. 1027, Page 002
`
`

`

`U.S. Patent
`
`Jun. 3, 2003
`
`Sheet 2 of 5
`
`US 6,574,455 B2
`
`FIC. 3
`
`UNITED
`NATIONS
`
`/ O1
`
`302
`
`/
`
`EMBASSY
`
`RECEIVER
`
`303
`
`O C.
`
`C. C. O
`O
`
`NAKED
`WOMEN
`
`O
`C
`O C o O O O
`
`
`
`sy-1S,
`
`RECEIVER
`
`y 301
`
`304
`
`GoPro/Garmin
`EX. 1027, Page 003
`
`

`

`U.S. Patent
`
`Jun. 3, 2003
`
`Sheet 3 of 5
`
`US 6,574,455 B2
`
`FIC. 4
`
`
`
`
`
`403
`S
`
`RANDOM #
`GENERATOR
`410
`
`|
`
`EVENT
`DETECTOR
`409
`
`RECEIVER
`
`404
`
`PROCESSOR
`
`--
`
`
`
`|
`
`
`
`DEVICE
`CIRCUITRY
`
`(CLE)
`405
`S D 406
`BDADDR
`12
`NMSTER CLK
`RANDOM #
`PREVIOUS
`RANDOM #
`
`41
`
`
`
`408
`S
`
`TRANSMITTER
`407
`
`40
`400S
`
`402
`
`GoPro/Garmin
`EX. 1027, Page 004
`
`

`

`U.S. Patent
`
`Jun. 3, 2003
`
`Sheet 4 of 5
`
`US 6,574.455 B2
`
`FIC. 5
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ESTABLISH COMMUNICATION NETWORK
`BETWEEN MASTER AND SLAVE(S)
`
`MASTER SELECTS A RANDOM NUMBER
`AND PROVIDES IT TO SLAVE(S) WITH
`MASTER'S BDADDR
`
`501
`
`502
`
`COMPUTE CAC AT MASTER AND SLAVE(S) i? 503
`AS DETERMINISTIC FUNCTION OF MASTER'S
`BDADDR & SELECTED RANDOM NUMBER
`
`
`
`USE COMPUTED CAC AS NETWORK
`DESCRIPTOR IN COMMUNICATION OF
`MESSAGES BETWEEN MASTER & SLAVE(S)
`
`
`
`IS
`SESSION
`
`GoPro/Garmin
`EX. 1027, Page 005
`
`

`

`U.S. Patent
`
`Jun. 3, 2003
`
`Sheet 5 of 5
`
`US 6,574,455 B2
`
`FIC. 6
`
`START
`
`ESTABLISH COMMUNICATION NETWORK
`BETWEEN MASTER AND SLAVES)
`
`601
`
`MASTER SELECTS A RANDOM NUMBER
`AND PROVIDES IT TO SLAVE(S) WITH
`MASTER'S BDADDR AND CURRENT TIME
`PARAMETER ASSOCATED WITH MASTER
`
`i? 602
`
`COMPUTE CAC AT MASTER AND SLAVE(S)
`AS DETERMINISTIC FUNCTION OF MASTER'S
`BDADDR, SELECTED RANDOM NUMBER
`AND CURRENT TIME PARAMETER
`
`
`
`USE COMPUTED CAC AS NETWORK
`DESCRIPTOR IN COMMUNICATION OF
`MESSAGES BETWEEN MASTER & SLAVE(S)
`
`PREDETERMINED
`TIME ELAPSED SINCE CAC
`LAST COMPUTED
`605
`
`SESSION
`STILL ONGOING
`
`NO
`
`SESSION
`STILL ONGOING
`2
`
`YES
`
`NEW
`SESSION
`BEGUN
`
`YES
`
`6O7
`
`NO
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`GoPro/Garmin
`EX. 1027, Page 006
`
`

`

`US 6,574.455 B2
`
`1
`METHOD AND APPARATUS FOR ENSURING
`SECURITY OF USERS OF BLUETOOTH TM
`ENABLED DEVICES
`
`CROSS-REFERENCE
`This application claims the benefit of U.S. Provisional
`Application No. 60/229,130, filed Aug. 30, 2000 and No.
`60/234,426, filed Sep. 21, 2000. This application also
`describes and claims Subject matter that is described in our
`co-pending United States patent application filed Simulta
`neously herewith also entitled: “METHOD AND APPARA
`TUS FOR ENSURING SECURITY OF USERS OF
`BLUETOOTH-ENABLED DEVICES, Ser. No. 09/851,
`223, filed May 8, 2001.
`TECHNICAL FIELD
`This invention relates to wireleSS communication on a
`Small local area network (LAN), and more particularly, to
`local wireleSS communication between devices operating in
`accordance with the Bluetooth TM standard.
`
`15
`
`BACKGROUND OF THE INVENTION
`Bluetooth is a recently proposed Standard for local wire
`leSS communication of mobile or potentially mobile devices,
`Such as cellular phones, wireleSS headsets, computers,
`printers, cars, and turn-Stiles, allowing Such devices in the
`proximity of each other to communicate with each other
`(See, e.g., http://www.bluetooth.com; "Specification of the
`Bluetooth System”, Core, Specification Volume 1, V.1.1,
`Feb. 22, 2001; and “Specification of the Bluetooth System”,
`Profiles, Specification Volume 2, v.1.1, Feb. 22, 2001. The
`Standard promises a variety of improvements over current
`functionality, Such as hands-free communication and effort
`leSS Synchronization. It therefore allows for new types of
`designs, Such as phones connected to wireleSS headsets,
`phones connected to the emergency System of cars, com
`puters connected to printers without costly and unsightly
`cords, and phones connected to digital wallets, turn-stiles
`and merchant establishments.
`On a Small wireleSS LAN, known as a piconet, all
`Bluetooth-enabled devices within a set of Such devices
`communicate with a master device within the Set, which is
`Selected as the master when the piconet is established. The
`master device controls the other Slave devices within the Set,
`determining which device transmits and which device
`receives at any given instant. The Slave devices on each
`wireless LAN need to be within approximately 30 feet of the
`master device for communication to proceed. Since a
`Bluetooth-enabled device might be within the range of more
`than one piconet, protection is incorporated to enable a
`receiving device to discriminate between messages it should
`properly act on from another device within its own piconet,
`and messages it should ignore from a device on another
`piconet that is outside the Set. In order to prevent Such
`interference, the prior art Bluetooth Standard requires that
`each message Sent by a device include a network descriptor.
`All messages between the master device and any of the Slave
`devices on the Same piconet then contain that same descrip
`tor So when any device on another piconet "hears a message
`with a different network descriptor, it knows to ignore it. The
`network descriptor used on each piconet is a channel acceSS
`code (CAC) that is determined as a function of a device
`identifier, a so-called 48-bit Bluetooth Address (BD
`ADDR), that is associated with the master in the LAN, each
`Bluetooth device having a unique BD ADDR stored in its
`memory. Thus, when a device is designated as a master upon
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`formation of a piconet, a CAC is computed as a determin
`istic function of its BD ADDR, which CAC is then used as
`the network descriptor for all messages Sent over the piconet
`between the master and any Slave devices within the defines
`set. The slaves, upon learning the BD ADDR of the master,
`are able to compute that Same CAC using the known
`deterministic function, thereby knowing which messages to
`listen for and what network descriptor to use in communi
`cating messages back to the Slave.
`The problem with this arrangement is that the privacy of
`an individual using a Bluetooth device can be attacked. For
`example, if a user having a master Bluetooth-enabled cel
`lular phone, a Slave Bluetooth-enabled wireleSS headphone,
`and a slave Bluetooth-enabled CD player were to enter an
`area in which an intentional eavesdropper equipped with a
`receiver was located, that individual could learn the network
`descriptor associated with that user's cellular phone by
`detecting and “examining the network descriptor used in
`the messages to and from that master. That eavesdropper
`could thereafter track the physical location of that user by
`“listening in various locations for messages containing that
`Same network descriptor. Thus, for example, if the network
`descriptor associated with a political figure's cellphone was
`determined, then eavesdropping receivers could track Visits
`by that figure to what might be politically embarrassing
`locations. Further, if the network descriptors associated with
`the Bluetooth devices of multiple individuals were
`determined, Subsequent meetings of those individuals could
`be tracked by the coincidence of location and time of
`multiple messages containing network descriptors associ
`ated with these individuals. In addition to these privacy
`issues, various Security issues are present once a user's
`network descriptor is compromised. Specifically, once the
`network descriptor is determined, the intentional eavesdrop
`per could inject messages into the piconet in a manner that
`receiving devices within the piconet would assume to be
`originating from within the piconet from a valid device. This
`is referred to as an authentication problem Since the authen
`ticity of the messages cannot be guaranteed.
`A more Secure method of communication that eliminates
`the above-described problems is thus needed.
`
`SUMMARY OF THE INVENTION
`In accordance with the present invention, rather than
`asSociating a fixed network descriptor with each device
`within a defined Set, the network descriptor associated with
`a device within the Set is modified over time to prevent an
`eavesdropper using a device outside the defined Set from
`asSociating the network descriptor with a particular user.
`In a first embodiment of the invention, the network
`descriptor is changed from Session to Session, where a
`Session is defined to be the duration of one event Such as one
`phone conversation, listening to one CD, or printing one job
`on a printer. In this embodiment, when a Session Starts and
`communication between a master and Slave begins, the
`master Selects a random number, a So-called Seed, which is
`sent along with the master's BD ADDR to the slave. Both
`the master and the Slave then compute a network descriptor,
`the CAC, as a function of both that random number and the
`master's BD ADDR. When a new session begins, the
`master Selects a new random number, a new Seed, which is
`sent to the slave, and which is then used by both the master
`and the Slave to compute a new CAC, which is then used as
`the network descriptor for this new Session. An
`eavesdropper, thus, will be unable to determine that the
`network descriptors, the CACs, which are used for both of
`
`GoPro/Garmin
`EX. 1027, Page 007
`
`

`

`3
`the sessions, are generated by the same BD ADDR, and
`will be unable to track the user by listening for messages
`containing a particular network descriptor.
`A Second embodiment of the present invention provides a
`finer-grained Solution to the Security problem. In this
`embodiment, rather than recalculating the CAC on a
`Session-driven basis alone, when a Session begins, the mas
`ter transmits to the slave a time parameter together with its
`BD ADDR and its chosen random number, the random
`number and the time parameter together forming the Seed,
`where the time parameter is a value associated with the
`master's internal clock. The master and the slave thus both
`compute the CAC for the Session as a function of the
`master's BD ADDR, the random number, and the time
`parameter. Rather than maintaining that Same CAC through
`out the duration of the Session as in the first embodiment, the
`CAC is periodically recomputed throughout the Session by
`both the master and Slave using the then current time
`parameter. Thus, if a Session has a long duration, the network
`descriptor does not remain Static and open to attack.
`As a modification to both the first and second
`embodiments, the CAC computed at the beginning of a
`Session is computed as a function of a combination of the
`master's BD ADDR and the new random number and at
`least one previous random number, in addition to, depending
`upon the embodiment, the time parameter. Thus, in the first
`embodiment, when an attacker is present at the beginning of
`a session and learns of both the master's BD ADDR and
`the currently selected random number, he will be unable to
`determine the network descriptor without also having been
`present at the beginning of the previous Sessions.
`
`15
`
`25
`
`BRIEF DESCRIPTION OF THE DRAWING
`FIG. 1 is a diagram showing a user carrying three
`Bluetooth-enabled devices on his person that communicate
`with each other on a piconet;
`FIG.2 shows two users whose Bluetooth-enabled devices
`are within the range of more than one piconet;
`FIG. 3 illustrates a nefarious eavesdropper tracking the
`location of the user of a Bluetooth-enabled device;
`FIG. 4 is a block diagram of a Bluetooth-enabled device
`in accordance with the present invention;
`FIG. 5 is a flow chart detailing the steps of a first
`embodiment of the present invention; and
`FIG. 6 is a flow chart detailing the steps of a second
`embodiment of the present invention.
`DETAILED DESCRIPTION
`FIG. 1 shows a user 101 having three active Bluetooth
`enabled devices: a cell phone 102, a wireless headset 103,
`and a CD player 104. When a piconet is established on
`which these three devices within this defined set
`communicate, the cellphone 102 is established as the master
`device, with the wireless headset 103 and CD player 104
`being slave devices. The cell phone 102 acts as an interme
`diary and controller, and all messages from the slaves 103
`and 104 are sent to the master cell phone 102 before being
`passed to the other. Thus, for example, the digitized audio
`output of the CD player 104 is Sent as messages to the master
`cell phone 102 before being forwarded by the cell phone to
`the wireless headset 103 for the user's enjoyment. As a
`controller, the master cell phone can be programmed to
`Switch off the CD player 104 when an incoming phone call
`arrives and then pass the call to the wireless headset 103 for
`reception by the user. Generally, the range of Bluetooth
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,574.455 B2
`
`4
`enabled devices is approximately 30 feet. Thus, should the
`user place the CD player 104 on a table, he needs to remain
`within 30 feet to maintain reception, assuming the cellphone
`102 remains on his person.
`A Bluetooth-enabled device can physically be within the
`range of more than one piconet, Such as is shown in FIG. 2,
`where the devices being used by users 202 and 203 fall
`within each other's ranges. Thus, the Bluetooth-enabled cell
`phone 204, headset 205, and CD player 206 of user 202 on
`piconet 212 are within range of the cellphone 207, headset
`208, and laptop computer 209 of user 203 on piconet 213. As
`previously noted, in order to prevent one of the devices on
`piconet 212 from interfering with any of the devices on
`piconet 213, or Vice versa, the Bluetooth Standard requires
`each message to include a network descriptor that is used in
`all messages on a particular piconet. Thus, messages Sent to
`and from the master cell phone 204 in one defined set on the
`piconet 212 will be ignored by the devices 207,208 and 208
`in a Second defined Set Since the network description in each
`of those messages on piconet 213 is different than the
`network descriptor in each of messages on piconet 213.
`AS previously described, in the prior art, an intentional
`eavesdropper “listening” though a receiver device 210 out
`side the defined set but within the range of user 202 could
`determine the network descriptor used by that user's
`devices. Thus, once that network descriptor was determined,
`the user's location could be tracked as he passed within the
`range of other receivers. AS shown in FIG. 3, therefore, as
`the user 301 moves throughout the city, he could be tracked
`by receivers 302, 303 and 304, for example, which are each
`“listening for messages having that same determined net
`work descriptor. Alternatively, once a user's network
`descriptor is determined, an intentional eavesdropper who is
`within range of the piconet could inject messages into the
`piconet in Such a manner that the other devices on the
`piconet would believe them to be authentic. Thus, the other
`devices on the piconet would receive and could act upon
`forged information.
`In order to prevent the afore-described problems associ
`ated with the prior art, the present invention modifies over
`time the network descriptor associated with a Bluetooth
`enabled device. In a first embodiment of the present
`invention, the network descriptor is changed each time a
`new Session begins on the piconet. A Session is defined by
`the duration of one event Such as, in FIG. 1, a phone
`conversation by the user over the cell phone 102 or the
`playing of a single CD on the CD player 104. Thus, for the
`Bluetooth-enabled devices in FIG. 1, a new session begins
`upon the Start on a new phone conversation or the playing of
`a new CD. At the beginning of a new Session, in accordance
`with this embodiment of the invention, the master sends to
`the slave a random number, a seed, with the BD ADDR of
`the master, that are together used by both the master and the
`Slave to compute a CAC for use by the master and the Slave
`as a network descriptor for the duration of that Session. In a
`preferred embodiment, the function used the compute CAC
`from the BD ADDR of the master and the seed is a
`so-called one-way function such as the well-known SHA1,
`or MD5 functions. Such one-way functions prevent the
`reverse engineering of the inputs to the function given the
`output of the function, as is well understood by those skilled
`in the art.
`FIG. 4 is a block diagram that functionally shows a
`Bluetooth-enabled device 400 in accordance with the inven
`tion. As shown, device 400 functionally separates the
`Bluetooth-functioning elements 401 that cause the device to
`operate in accordance with the Bluetooth specifications, and
`
`GoPro/Garmin
`EX. 1027, Page 008
`
`

`

`US 6,574.455 B2
`
`15
`
`25
`
`S
`the other device circuitry 402 that performs the functions
`asSociated with the particular type of unit that the entire
`device 400 is, such as in the example of FIG. 1, a cellphone,
`a wireless headset, or a CD player. The Bluetooth
`functioning elements 401 include a receiving antenna 403,
`which receives wireleSS-transmitted messages from the
`other devices on the piconet, and passes them on to a
`receiver 404. Receiver 404 outputs the demodulated mes
`Sages and inputs them to a processor 405. In addition to
`performing the functions necessary to implement the present
`invention, i.e., to periodically compute the CAC as a func
`tion of the seed and the BD ADDR of the master, processor
`405 performs other required Bluetooth operations, which are
`not discussed further Since they are not necessary for an
`understanding of the present invention. The information
`within each received message is passed to the device cir
`cuitry 402 for device-specific processing over a link 406,
`which may be a serial or parallel bus or other cabled
`arrangement, or a WireleSS connection. Outgoing messages,
`originating either within the device circuitry 402 or within
`processor 405, are passed to a transmitter 407 for modula
`tion and output onto output antenna 408. A common antenna
`may share the functions of antennas 403 and 408 shown in
`FIG. 4.
`In order to perform the functions of the present invention,
`the Bluetooth-functioning elements 401 are shown including
`an event detector 409, which may be a separate element as
`shown, or incorporated as part of processor 405. If device
`400 is the master on the piconet and a new Session begins
`within the device circuitry 402 of that device, event detector
`409 is triggered, thereby signaling processor 405 to compute
`a new CAC. If a new session begins within the device
`circuitry of a slave, that information is communicated to the
`master and event detector 409. Upon being triggered by
`event detector 409, processor 405 retrieves a random num
`35
`ber from random number generator 410 to act as a Seed in
`calculating the CAC as a predetermined function of the
`retrieved random number and this devices, the masters,
`BD ADDR. Although shown as a separate element, the
`random number generator 410 could be incorporated within
`processor 405 and could generate the random number from
`various Sources of randomneSS Such as radio activity or
`using cryptographic techniques Such as one-way functions.
`As shown in FIG. 4, the BD ADDR is stored in a memory
`411 associated with processor 405 but may actually be
`hard-wired as part of the Bluetooth-functioning elements
`401. As previously noted, the predetermined function used
`to compute CAC is preferably a one-way function. The
`random number used to compute CAC, which is also Stored
`in memory 411, is also communicated to the slave where it
`is used, together with the master's BD ADDR, to compute
`CAC using the same function. Thus, if device 400 is not the
`master but a slave on the piconet, memory 411 Stores the
`BD ADDR of the master and the current random number
`used to compute CAC. When a new Session is detected,
`therefore, the random number in memory 411 is replaced by
`the random number generated at the master and a new CAC
`is computed and used as the network descriptor in all
`messages until the next Session begins.
`FIG. 5 is a flowchart that illustrates the steps of this first
`embodiment of the invention. At step 501, a communication
`network is established between the designated master and
`the slave(s). At step 502, the master selects a random number
`to be used as the Seed, which is provided to the slave(s)
`together with the master's BD ADDR. At step 503, the
`master and the slave(s) compute CAC a deterministic func
`tion of the master's BD ADDR and the selected random
`
`6
`number. At step 504, that computed CAC is used as the
`network descriptor in all messages transmitted between the
`master and the slave(s). At step 505, a determination is made
`whether the current Session is still ongoing. If yes, at Step
`504 again, the same computed CAC continues to be used as
`the network descriptor in all messages between the master
`and the slave(s). If, at step 505, the determination is made
`that the current Session in not still ongoing, then, at Step 506,
`a determination is made whether a new Session has begun.
`If yes, the flow returns to step 502, where the master selects
`a new random number to used as the Seed and which new
`Seed is provided to the slave(s). Again, as previously
`described, a new CAC is computed by the master and the
`Slave(s), which is used as the network descriptor in all
`messages between the master and the slave(s) until that
`Session ends.
`An intentional eavesdropper will thus first “hear” CAC
`computed for use during the first Session in the messages it
`captures. When that Session ends, the eavesdropper will no
`longer hear CAC in any message. When a new Session
`begins, the eavesdropper will “hear CAC, computed for
`use during the Second Session, in the messages it overhears.
`The eavesdropper cant, however, determine that both CAC
`and CAC have been generated from the same BD ADDR,
`and therefore is precluded from tracking the locations of the
`individual using the Bluetooth-enabled device as that Blue
`tooth user moves from location-to-location.
`If a Session lasts a long period of time, Such as during a
`long telephone call, the CAC remains invariant in the first
`embodiment described above. The inentional eavesdropper,
`by listening for the CAC being used, would then be able to
`track the user throughout the duration of that Session. In
`order to prevent a potential a breech of privacy in Such a
`Situation, a Second embodiment of the present invention
`provides a finer-grained Solution to the problem. In accor
`dance with the second embodiment of the invention, when
`a Session begins, the master sends to the slave(s), together
`with its BD ADDR, a seed that consists of a randomly
`generated number plus a time parameter associated with the
`master's internal clock. The master and the slave(s) then
`compute the CAC as a predetermined function of the
`BD ADDR, the random number and the time parameter.
`Thereafter, throughout the same Session, the CAC is auto
`matically recomputed at the end of every interval of prede
`termined duration using the then current time parameter
`asSociated with the master's clock. The CAC is thus changed
`at a much faster rate than in the purely Session-driven
`embodiment described above. The intentional eavesdropper
`then has much greater difficulty tracking the location of the
`user of the Bluetooth-enabled device by “listening” for a
`particular CAC.
`In order to implement this Second embodiment, the
`Bluetooth-enabled device 400 in FIG. 4 stores the time
`parameter associated with the master's clock in memory
`411. Processor 405 then thereafter re-computes the CAC
`based on the master's BD ADDR, the current sessions
`random number, and that Stored master's time parameter as
`it is modified by the accumulated predetermined time inter
`vals that have passed Since the Session began, the latter being
`determined by clock 412. Clock 412 is shown for illustrative
`purposes as a Separate element but in practice could be
`incorporated into the processor 405. If device 400 is the
`master, when a Session begins the then current value of clock
`412 is stored in memory 411 and sent together with the
`random number outputted by random number generator 410
`to the slave(s).
`FIG. 6 is a flowchart that illustrates the steps of this
`second embodiment. At step 601 communication is estab
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`GoPro/Garmin
`EX. 1027, Page 009
`
`

`

`US 6,574.455 B2
`
`15
`
`35
`
`40
`
`25
`
`7
`lished between the master and the slave(s). At step 602, a
`random number is Selected by the master and provided to the
`slave(s) together with the master's BD ADDR and a cur
`rent time parameter associated with the master. At Step 603,
`the master and the Slave(s) compute CAC as a deterministic
`function of the master's BD ADDR, the selected random
`number and the current time parameter associated with the
`master. At step 604, that computed CAC is used as the
`network descriptor in all the messages between the master
`and the slave(s). At step 605, a determination is made
`whether the predetermined time interval has elapsed since
`the CAC was last computed. If it has not, then at step 606,
`a determination is made whether the current Session is still
`ongoing. If it is, then the previously computed CAC con
`tinues to be used as the network descriptor in each message.
`If the current Session is not ongoing, the flow proceeds to
`decision Step 607 to await the beginning a new Session.
`When a new session begin, the flow returns to step 602
`where a new random number and the then current master's
`time parameter are used as a Seed to compute a new CAC as
`a function of that seed and the master's BD ADDR. If, at
`step 605, a determination is made that the predetermined
`time interval has elapsed and, at Step 608, the current Session
`is still ongoing, then the flow returns to step 604 where the
`CAC is recomputed as the predetermined function of the
`master's BD ADDR, the previously determined random
`number and the then current master's time parameter. If, at
`Step 608, the current Session is not still ongoing, then the
`flow proceeds to step 607 to await the beginning of a new
`Session. Upon the occurrence of a new Session, the flow
`returns to step 602. As previously, at step 602, a new random
`number is selected by the master and combined with the
`master's then current time parameter to form a Seed that is
`used together with the master's BD ADDR to compute the
`CAC.
`The embodiments described above can be modified to add
`even further protection to prevent the intentional eavesdrop
`per from tracking the location of the user of a Bluetooth
`enabled device. Specifically, in the purely Session-driven
`embodiment described above, rather than using the random
`number outputted by random number generator 410 as a
`Seed in computing CAC as a function of that random number
`and the master's BD ADDR, the random number outputted
`by random number generator 410 is combined with at least
`one previous random number. The combination of these
`random numbers is then used as the Seed in computing CAC
`45
`as a function of that combination and the master's
`BD ADDR. Thus, in this embodiment, if the attacker is
`present when a Session is set up and learns of the random
`number being passed from the master to the slave(s), he will
`not be able to compute CAC without also having been
`present when each previous Session was set up when the
`previous random numbers were passed. Thus, in this
`embodiment, memory 411, within the Bluetooth elements
`401, also includes at least one Storage location for Storing the
`at least one previous random number outputted by random
`number generator 410.
`The second embodiment of the invention in which the
`CAC is re-computed not only at the beginning of each
`Session, but periodically within each Session, can also be
`similarly modified. Thus, the random number used as the
`Seed to compute the CAC at the beginning of each Session
`or within each Session at the end of each periodic interval is
`a combination of a random number outputted by random
`number generator 210 at that time and at least one previous
`random number that is stored in memory 311.
`The foregoing merely illustrates the principles of the
`invention. It will thus be appreciated that those skilled in the
`
`50
`
`55
`
`60
`
`65
`
`8
`art will be able to devise various arrangements, which,
`although not explicitly described or shown herein, embody
`the principles of the invention and are included within its
`Spirit and Scope. Furthermore, all examples and conditional
`language recited herein are principally intended expressly to
`be only for pedagogical purposes to aid the reader in
`understanding the principles of the invention and the con
`cepts contributed by the inventor to furthering the art, and
`are to be construed as being without limitation to Such
`Specifically recited examples and conditions. Moreover, all
`Statements herein reciting principles, aspects, and embodi
`ments of the invention, as well as Specific examples thereof,
`are intended to encompass both Structural and functional
`equivalents thereof. Additionally, it is intended that Such
`equivalents include both currently known equivalents as
`well as equivalents developed in the future, i.e., any ele
`ments developed that perform the same function, regardless
`of Structure. Thus, for example, although the present inven
`tion has been described above for use by