Title: Personal certification authority device

Abstract: A method for public key certification in a local network environment, wherein a personal certification authority associated with the local network environment is connected with a first device needing to be certified. Responsive to the connection, a certificate is provided to the device to be certified from the personal certification authority. The devices receiving a certificate may then use the certificate to carry out secure information exchange within the local network environment with other devices having a similar certificate.

Patent Number: 7,386,726 Issued on 06/10/2008 to Gehrmann, et al.


Inventors: Gehrmann; Christian (Lund, SE), Smeets; Bernard (Dalby, SE), Haartsen; Jacobus (Hardenberg, NL), Persson; Joakim (Lund, SE)
Assignee: Telefonaktiebolaget L M Ericsson (Publ) (Stockholm, SE)
Appl. No.: 10/161,567
Filed: May 31, 2002


Related U.S. Patent Documents

Application Number   Filing Date   Patent Number   Issue Date
60350132             Nov., 2001

Current U.S. Class: 713/175 ; 713/155; 713/156; 726/10
Field of Search: 713/175,155 380/277-285


References Cited

U.S. Patent Documents
5781723 July 1998 Yee et al.
5835595 November 1998 Fraser et al.
5898831 April 1999 Hall et al.
5909183 June 1999 Borgstahl et al.
5917913 June 1999 Wang
5940506 August 1999 Chang et al.
5949777 September 1999 Uyesugi et al.
5953425 September 1999 Selker
6069896 May 2000 Borgstahl et al.
6092192 July 2000 Kanevsky et al.
6175922 January 2001 Wang
6198996 March 2001 Berstis
6212634 April 2001 Geer, Jr. et al.
6217351 April 2001 Fung et al.
6275500 August 2001 Callaway, Jr. et al.
6282183 August 2001 Harris et al.
6314091 November 2001 LaRowe, Jr. et al.
6754661 June 2004 Hallin et al.
6826690 November 2004 Hind et al.
7068789 June 2006 Huitema et al.
2001/0016909 August 2001 Gehrmann
2002/0012133 January 2002 Haruna et al.
2002/0026584 February 2002 Skubic et al.
2002/0114470 August 2002 Mauro et al.
2002/0161999 October 2002 Gunter et al.
2004/0096063 May 2004 Carroni et al.
2005/0191990 September 2005 Willey et al.
Primary Examiner: Moazzami; Nasser
Assistant Examiner: Yalew; Fikremariam
Attorney, Agent or Firm: Cameron; Michael

Parent Case Text



RELATED APPLICATION(S)

This application claims priority from and incorporates herein by reference the entire disclosures of U.S. Provisional Application Ser. No. 60/350,132 filed Nov. 2, 2001.
Claims



We claim:

1. A method for public key certification in a local network environment adapted to network a plurality of devices, comprising the steps of: establishing a public key infrastructure (PKI) in any one of a plurality of devices, said any device being deemed a personal certification authority device, the personal certification authority device adapted to internally generate a private/public keypair at the moment the device becomes the personal certification authority device; connecting the personal certification authority device associated only with the local network environment with any other of the plurality of devices, such devices being a first device to be certified; and providing a certificate to the first device to be certified from the personal certification device upon request from such first device said certificate enabling secure connection establishment with the local network environment, wherein each of the plurality of devices adapted to be included in the local network environment are capable of internally generating and providing to other devices within such local network environment, certificates to said other devices upon request and wherein the providing step further comprises receiving an identifier of the first device to be certified and a public key at the personal certification authority device; confirming the first device to be certified has a private key corresponding to the received public key; and issuing the certificate from the personal certification authority device associated only with the local network environment to the first device to be certified.

2. The method of claim 1, further including the steps of: connecting at least one other device to be certified with the personal certification authority device associated with the local network environment; and providing a second certificate to the at least one other device to be certified by the personal certification authority device associated with the local network environment, upon request from such second device said second certificate enabling secure connection establishment with the local network environment.

3. The method of claim 1, wherein the local network environment comprises a personal area network.

4. The method of claim 1, further including the steps of: receiving a second public key from the personal certification authority device at the first device; and confirming the personal certification authority device has a second private key corresponding to the received second public key.

5. The method of claim 1, further including the step of storing data associated with the first device to be certified responsive to providing the certificate.

6. The method of claim 1, further including the step of storing a user ID of the first device.

7. The method of claim 1, further including the step of storing the certificate provided to the first device.

8. The method of claim 1 further including the step of authenticating the connection between the first device and the personal certification authority device.

9. The method of claim 1, further including the step of storing the certificate at the first device.

10. The method of claim 1, wherein the certificate further includes at least one of the public key, the identifier of the first device, a digital signature of the personal certification authority device, and a public root key of the personal certification authority device.

11. A method for public key certification in a personal network environment adapted to network a plurality of devices, comprising the steps of: establishing a public key infrastructure (PKI) in any one of a plurality of devices, said any device being deemed a personal certification authority device, the personal certification authority device adapted to internally generate a private/public keypair at the moment the device becomes the personal certification authority device; connecting the personal certification authority device associated only with the personal network with any other of the plurality of devices, such device being a first device to be certified; receiving an identifier of the first device to be certified and a public key at the personal certification authority device; confirming the first device to be certified has a private key corresponding to the received public key; receiving a second public key from the personal certification authority device at the first device; confirming the personal certification authority device has a second private key corresponding to the received second public key; issuing a certificate from the personal certification authority device associated only with the personal network to the first device to be certified, upon request from such first device, said certificate enabling secure connection establishment with the personal network; and storing data associated with the first device to be certified responsive to providing the certificate at the personal certification authority device, wherein each of the plurality of devices adapted to be included in the local network environment are capable of internally generating and providing to other devices within the local network environment, certificates to said other devices upon request.

12. The method of claim 11, further including the steps of: connecting at least one other device to be certified with the personal certification authority device associated with the local network environment; and providing a second certificate to the at least one other device to be certified with the personal certification device associated with the local network environment, upon request from such other device said second certificate enabling secure connection establishment with the personal network.

13. The method of claim 11, further comprising the step of connecting a personal certification authority device associated only with a personal area network.

14. The method of claim 11, further comprising storing a user ID of the first device associated with the first device to be certified responsive to providing the certificate at the personal certification authority device.

15. The method of claim 11, further comprising storing the certificate provided to the first device.

16. The method of claim 11, further including the step of mutually authenticating the connection between the first device and the personal certification authority.

17. The method of claim 11, further including the step of storing the certificate at the first device.

18. The method of claim 11, further including the step of storing a certificate authority root key at the first device.

19. The method of claim 11, wherein the certificate further includes at least one of the public key, the identifier of the first device, a digital signature of the personal certification authority device, and a public root key of the personal certification authority device.

20. A personal communications device having a public key infrastructure (PKI) for performing as a personal certification device for a first device, comprising: a means within the personal communications device adapted to internally generate a private/public keypair; an interface for establishing a local connection in a personal network environment adapted to network a plurality of devices, with the first device to be certified; control logic adapted to connect the personal communications device with a first device to be certified and provide a certificate to the first device to be certified upon request of such first device, to enable secure data exchange within a personal network, wherein the control logic is further adapted to: receive an identifier of the first device to be certified and a public key at the personal communications device; confirm the first device to be certified has a private key corresponding to the received public key; and issue the certificate and a certificate authority root key to the first device to be certified; and a memory for storing data relating to the certificate provided to the first device to be certified.

21. The device of claim 20, in combination with a personal network, wherein the personal network comprises a personal area network.

22. The device of claim 20, wherein the data comprises a user ID of the first device.

23. The device of claim 20, wherein the data comprises the certificate provided to the first device.

24. The device of claim 20, wherein the control logic is further adapted to mutually authenticate the connection between the first device and the personal certification device.

25. The device of claim 20, wherein the certificate further includes at least one of the public key, the identifier of the first device, a digital signature of the personal certification device, and a public root key of the personal certification device.

26. A personal network, comprising: a plurality of personal communications devices, and a personal certification authority device being any one of the plurality of personal communications devices, said personal certification authority having a public key infrastructure (PKI) which internally generates a private/public keypair and issues, upon request, a certificate to a first personal communications device being any one of the other of the plurality of personal communications devices, said certificate enabling the first personal communications device and any other personal communication device having a certificate to perform secure information exchanges locally in the personal network, wherein each of the plurality of personal communications devices adapted to be included in the personal network are capable of internally generating and providing to other personal communication devices within such personal environment, certificates to said other personal communication devices upon request, wherein the personal certification authority device further receives an identifier of the first personal communication device and a public key at the personal certification authority device; confirms the first personal communications device has a private key corresponding to the received public key; and issues the certificate from the personal certification authority device to the first personal communications device.

27. The personal network of claim 26, wherein the personal certification authority device stores data associated with the first personal communications device responsive to issuing the certificate.

28. The personal network of claim 27, wherein the data comprises a user ID of the first personal communications device.

29. The personal network of claim 27, wherein the data comprises the certificate provided to the first personal communications device.

30. The personal network of claim 26, wherein the personal certification authority device authenticates the connection between the first personal communications device and the personal certification authority device.

31. The personal network of claim 26, wherein the first personal communications device stores the certificate at the first personal communications device.

32. The personal network of claim 26, wherein the certificate further includes at least one of the public key, the identifier of the first device, a digital signature of the personal certification device, and a public root key of the personal certification device.

33. The personal network of claim 26, wherein the personal network comprises a personal area network.

34. The personal network of claim 26, wherein the personal network comprises a Bluetooth network.

35. The personal network of claim 26, wherein the personal network comprises a Bluetooth high rate network.

36. The personal network of claim 26, wherein the personal network comprises an IEEE 802.11 network.
Description



TECHNICAL FIELD

The present invention relates to public/private key certification, and more particularly, to the use of personal certification authorities within a personal network.

BACKGROUND OF THE INVENTION

Bluetooth 1.1 cryptographic services are currently provided on the baseband level. Key exchanges, authentications and encryptions are defined to be carried out in a low rate mode. There is currently in development a high rate mode for use in Bluetooth which will provide significantly different connection protocols and cryptographic services than are available in Bluetooth 1.1. From a communications point of view, the main difference between the existing low rate Bluetooth mode and the new Bluetooth high rate mode is that in high rate mode, any participating device may set up a communications link with any other device. Thus, the typical master/slave piconet utilized within low rate Bluetooth is not used within high rate mode Bluetooth. Thus, there is a need to quickly set up a secure communications link between any two devices.

Current security concepts require that secret keys be exchanged between two devices before security mechanisms may be applied to connections between devices communicating in a low rate mode. This is a rather cumbersome procedure that requires users to provide information such as a pin number. In a high rate mode, it would be necessary to find alternative ways of setting up a secure communication between devices. Additionally, current devices operating in a low rate mode would further benefit from alternative solutions that minimize the amount of user interactions required to initialize a secure link.

One potential solution involves the use of digital certificates by connecting devices in order to establish proper authentication for a link. Normally, a certification authority issues a public key certificate such as X.509. The certification authority is responsible for determining that the public key in an issued certificate corresponds to a private key of the holder to whom the certificate is being issued. This is necessary in order to maintain the security of a global or a large public key infrastructure. The drawback with this type of system is that a central certification authority must issue all necessary certificates used by the communication units, and all units must share trusted public root keys. This is a tedious process that the user of a personal communication unit would like to avoid. Furthermore, it is very costly to maintain a well-controlled, highly secure certification process that can handle thousands of users. On the other hand, users desiring to operate in their own local environment, such as a personal area network (PAN), gain no benefit inside their PAN from having a centralized certification authority like VeriSign. The user may not wish to delegate the certification authority operation to a centralized entity outside of their personal environment for privacy reasons. Thus, there is a need for providing individuals in personal local networks an option outside of the use of a centralized certification authority such as VeriSign.

SUMMARY OF THE INVENTION

The present invention overcomes the foregoing and other problems with a system and method using a personal certification authority device associated with a local network environment. A device needing to be certified may be connected to the personal certification authority device, and in response to the connection, a certificate is issued to the device needing to be certified. Using the certificate, the device may establish secure information exchange within the local network environment with either the personal certification authority device or other certified devices holding a similar certificate. Hence, a certification procedure between the personal certification authority and each device is enough to create secure connections between any two certified devices within the local network environment.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of the method and apparatus of the present invention may be obtained by reference to the following Detailed Description when taken in conjunction with the accompanying Drawings wherein:

FIG. 1 illustrates a number of personal communication devices associated in a personal network;

FIG. 2 is a block diagram of a personal certification authority device;

FIG. 3 illustrates a communication between a personal certification authority and a device being certified;

FIG. 4 is a flow diagram illustrating an initialization process performed between a personal certification authority device and a device to be certified; and

FIG. 5 illustrates a certificate provided by a personal certification authority according to the present invention.

DETAILED DESCRIPTION

Referring now to the drawings, and more particularly to FIG. 1, wherein there is illustrated a number of personal communication devices communicating with each other using, for example, the Bluetooth Wireless Technology. While the present description is made with respect to the use of the Bluetooth Wireless Technology, it should be realized by those skilled in the art that the present invention is applicable to any wireless or wireline communication system or protocol used for communicating among a number of personal communication devices 10. The system is applicable to personal communication devices using high rate Bluetooth. High rate Bluetooth operates at a bit speed of up to approximately 12 Mb/s. The personal communication devices 10 include a personal certification authority device 5. A personal certification authority enables a user within a home or small office environment to utilize a public key infrastructure within a local, smaller personal network 20, such as a personal area network. Each unit within the personal network 20 shares a common root public key 25 in addition to a unique private key 30 associated with each personal communication device 10.

The personal certification authority device 5 issues certificates. A certificate certifies the public key of the private-public key pair and the identity of a device 10. The certificate is signed by the personal certification authority device 5. The public root key of the personal certification authority device 5 is used to verify the personal certification authority device 5 signature on any certificate issued by the personal certification authority device 5. All personal devices 10 share the same public root key. All personal devices 10 are therefore able to verify a certificate issued by the personal certification authority device 5, and consequently the public keys and identities of the other devices 10 in the local network. Hence, by exchanging certificates, secure communication can be established between any two devices in the local personal network.

A public/private key communication infrastructure enables a transmitting device to encode a message using a private key. A receiving device decodes the message using a known public key in order to reconstitute the received message. Information enabling decryption and encryption using the public and private keys is provided via the certificate issued by the personal certification authority device 15. The public and private keys are mathematically linked to one another enabling a message to be encrypted with the private key and decrypted with the public key. The public key is made available to all users and the private key is kept confidential by the individual to whom it is associated.

Referring now to FIG. 2, there is illustrated the personal certification authority device 15 described in FIG. 1. The personal certification authority device 15 may be any personal communication device, including, but not limited to, a mobile phone, personal digital assistant, PC, pager, etc. The personal certification authority device 15 includes a display 45 for displaying relevant information to a user and a keypad 50 for enabling a user to interface with the personal certification authority device 15. The personal certification authority device 15 further includes a private/public key pair 55 enabling encryption and decryption of communications. The private/public key pair 55 may be preconfigured at the manufacturer, or alternatively, the personal certification authority 15 may have the ability to generate a private/public key pair internally. A wireless interface 60 enables the personal certification authority device 15 to interact with other personal devices 10 (FIG. 1) in order to provide certificates thereto, as will be more fully described below. The wireless interface 60 preferably implements a Bluetooth connection according to the Bluetooth Wireless Technology. It should be realized that, instead of a wireless interface 60, a wireline interface may be implemented according to the system and method of the present invention.

Initialization logic 65 controls a process wherein the personal certification authority device 15 connects with a corresponding personal device 10 and, after authentication of the personal device 10, provides a certificate to that device, enabling secure communication from the personal device 10 to the personal certification authority device 15 or to any other personal device 10 that has also been provided a certificate by the personal certification authority device 15. In the initialization phase, the user of the personal certification authority device 15 confirms the initialization of a new personal device 10. This can be done by pressing a special key on the keypad 50 of the personal certification authority device 15. A memory 70 stores information relating to the certificates and/or the IDs of the personal communication devices 10 for which the personal certification authority device 15 has issued a certificate.

Referring now to FIGS. 3 and 4, there is illustrated a situation wherein a personal certification authority device 15 establishes a connection with and initializes a personal device 10 via a wireless communications link 40. After the personal device 10 has established a connection 40 with the personal certification authority device 15 at step 75, the personal device 10 transmits at step 80 its identity together with a public key to the personal certification authority 15, and the personal certification authority device 15 sends its public key (the certification authority root key) to the personal device 10. After this has been done, the connection 40 between the personal device 10 and the personal certification authority device 15 may be authenticated at step 85. However, this step is not required. As part of the authentication, a user of the personal device 10 may be asked to enter one or more pass key values into the personal device 10 or the personal certification authority device 15. The values entered will be displayed by either or both of the personal device 10 and the personal certification authority 15.

The personal certification authority requests at step 90 that the personal device 10 prove that it possesses the private key corresponding to the public key sent to the personal certification authority device 15 at step 80. This may be done, for example, using a challenge-response scheme. Additionally, the personal device 10 at step 90 might request the personal CA device 15 to prove that the personal CA device 15 possesses the private key corresponding to the public key sent to the personal device 10 at step 80. Once the personal device 10 has proved that it possesses the private key corresponding to the public key, the personal certification authority device 15 generates a certificate for device 10 at step 95. The certificate certifies the public key and the identity of the device 10. Referring now also to FIG. 5, the certificate 115 contains, among other information, the identity 120 of the personal device 10, the public key 125 of the personal device 10 and a digital signature 130 of the personal certification authority device 15. This list of information is intended to be exemplary, and other information may be included within the certificate 115. It should be understood that any certificate format known in the art, such as X.509, may be used.

The certificate 115 is forwarded to the personal device 10 at step 100 along with the public root key of the personal certification authority 15. The personal device 10 stores at step 105 the new certificate as well as the new personal certification authority public root key within a memory in the personal device 10. Preferably, the certificate and the public root key are stored in a tamper-resistant memory or other secure storing means. The personal certification authority device 15 stores at step 110 the certificate or an ID of the personal device 10 in a memory 70 containing all the certificates or IDs for which the personal certification authority 15 has issued a certificate 115.

After the initialization has been completed, the personal device 10 possesses a certificate 115 that it can present to all other personal devices 10 attempting to establish a connection 40 with the personal device 10. The keys in the certificate 115 can be used to authenticate the personal device 10, exchange session keys, sign information or encrypt information. This method makes it possible to create end-to-end secure relationships between two personal devices 10. In particular, bonding with other personal devices 10 that have been certified by the personal certification authority device 15 can easily be automated without user interaction. The only requirement is that all personal devices 10 are initialized with the same personal certification authority device 15. This is useful for secure peer-to-peer communications and small personal networks like Bluetooth, Bluetooth high rate (HR), or IEEE 802.11 networks.
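The initialization exchange of FIGS. 3 and 4 (steps 80 through 110) and the peer verification it enables, worked through as an added example that is not part of the patent text. The patent does not name a signature scheme, a certificate encoding or a challenge-response method, so the following assumptions are mine: Ed25519 from Go's standard library stands in for key pair 55 and for each device's key pair, a constructed length-prefixed byte encoding stands in for the certificate format (X.509 in practice), the proof of possession at step 90 is a signature over a fresh CA-chosen nonce, the link 40 is an in-process function call rather than Bluetooth, and the optional pass key authentication of step 85 is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate: the fields listed for certificate 115 (identity 120, public key 125, CA signature 130).
type Certificate struct {
	Identity  string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// bind is a constructed length-prefixed encoding used for both the certificate body and the
// proof-of-possession message, so a crafted identity cannot shift the identity/key boundary.
func bind(tag, identity string, payload []byte) []byte {
	return append([]byte(fmt.Sprintf("%s:%d:%s:", tag, len(identity), identity)), payload...)
}

type PersonalCA struct { // personal certification authority device 15
	Root   ed25519.PublicKey      // public root key 25, handed to every device
	secret ed25519.PrivateKey     // private half of key pair 55, never leaves the CA
	Issued map[string]Certificate // memory 70: certificates issued so far
}

func NewPersonalCA() (*PersonalCA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &PersonalCA{Root: pub, secret: priv, Issued: map[string]Certificate{}}, nil
}

// Enroll is steps 90, 95 and 110: check the proof of possession, then sign and record the
// certificate. Without the proof a device could bind its identity to a key it does not control.
func (ca *PersonalCA) Enroll(identity string, pub ed25519.PublicKey, nonce, proof []byte) (Certificate, error) {
	if len(pub) != ed25519.PublicKeySize {
		return Certificate{}, errors.New("malformed public key")
	}
	if !ed25519.Verify(pub, bind("pop", identity, nonce), proof) {
		return Certificate{}, errors.New("proof of possession failed")
	}
	cert := Certificate{identity, pub, ed25519.Sign(ca.secret, bind("cert", identity, pub))}
	ca.Issued[identity] = cert
	return cert, nil
}

type Device struct { // personal communication device 10
	Identity string
	pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
	Cert     Certificate       // stored at step 105
	Root     ed25519.PublicKey // CA root key, also stored at step 105
}

func NewDevice(identity string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Identity: identity, pub: pub, priv: priv}, nil
}

// Prove answers the step-90 challenge; only the holder of the private key can produce it.
func (d *Device) Prove(nonce []byte) []byte {
	return ed25519.Sign(d.priv, bind("pop", d.Identity, nonce))
}

// VerifyPeer checks a certificate presented by another device against the shared root key.
func (d *Device) VerifyPeer(peer Certificate) bool {
	if len(d.Root) != ed25519.PublicKeySize || len(peer.PublicKey) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(d.Root, bind("cert", peer.Identity, peer.PublicKey), peer.Signature)
}

// Initialize runs the FIGS. 3 and 4 exchange over an in-process link: steps 80 to 105 in order.
func Initialize(ca *PersonalCA, d *Device) error {
	nonce := make([]byte, 32) // fresh per enrollment so a recorded proof cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	cert, err := ca.Enroll(d.Identity, d.pub, nonce, d.Prove(nonce))
	if err != nil {
		return err
	}
	d.Cert, d.Root = cert, ca.Root
	return nil
}

func main() {
	ca, _ := NewPersonalCA()
	phone, _ := NewDevice("phone")
	laptop, _ := NewDevice("laptop")
	fmt.Println(Initialize(ca, phone), Initialize(ca, laptop), laptop.VerifyPeer(phone.Cert)) // <nil> <nil> true
}
```

Two checks carry the security weight. `Enroll` refuses to sign unless the submitter proves it holds the private key for the public key it presented, which is what step 90 is for. `VerifyPeer` accepts only certificates signed by the root key the device stored at step 105, so a certificate whose identity was altered after issuance, or one issued by a different personal certification authority, fails verification, and a device that was never initialized has no root key and trusts nothing.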

The previous description is of a preferred embodiment for implementing the invention, and the scope of the invention should not necessarily be limited by this description. The scope of the present invention is instead defined by the following claims.
